International Association for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available via RSS feed, via Twitter, via Weibo and via Facebook.

29 November 2021

Joachim Neu, Srivatsan Sridhar, Lei Yang, David Tse, Mohammad Alizadeh
ePrint Report
Satoshi Nakamoto's Proof-of-Work (PoW) longest chain (LC) protocol was a breakthrough for Internet-scale open-participation consensus. Many Proof-of-Stake (PoS) variants of Nakamoto's protocol such as Ouroboros or Snow White aim to preserve the advantages of LC by mimicking PoW LC closely, while mitigating downsides of PoW by using PoS for Sybil resistance. Previous works have proven these PoS LC protocols secure assuming all network messages are delivered within a bounded delay. However, this assumption is not compatible with PoS when considering bandwidth constraints in the underlying communication network. This is because PoS enables the adversary to reuse block production opportunities and spam the network with equivocating blocks, which is impossible in PoW. The bandwidth constraint necessitates that nodes choose carefully which blocks to spend their limited download budget on. We show that 'download along the longest header chain', a natural download rule for PoW LC, emulated by PoS variants, is insecure for PoS LC. Instead, we propose 'download towards the freshest block' and prove that PoS LC with this download rule is secure in bandwidth constrained networks. Our result can be viewed as a first step towards the co-design of consensus and network layer protocols.
Kamilla Nazirkhanova, Joachim Neu, David Tse
ePrint Report
The ability to verifiably retrieve transaction or state data stored off-chain is crucial to blockchain scaling techniques such as rollups or sharding. We formalize the problem and design a storage- and communication-efficient protocol using linear erasure-correcting codes and homomorphic vector commitments. Motivated by application requirements for rollups, our solution departs from earlier Verifiable Information Dispersal schemes in that we do not require comprehensive termination properties or retrievability from any but only from some known sufficiently large set of storage nodes. Compared to Data Availability Oracles, under no circumstance do we fall back to returning empty blocks. Distributing a file of 28.8 MB among 900 storage nodes (up to 300 of which may be adversarial) requires in total approx. 95 MB of communication and storage and approx. 30 seconds of cryptographic computation on a single-threaded consumer-grade laptop computer. Our solution requires no modification to on-chain contracts of Validium rollups such as StarkWare's StarkEx. Additionally, it provides privacy of the dispersed data against honest-but-curious storage nodes.
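The dispersal step described in the abstract above, as an added toy example that is not the authors' code: a linear erasure code (Reed-Solomon via Lagrange interpolation over a prime field) paired with a homomorphic vector commitment (a Pedersen-style commitment in a prime-order group, standing in for the paper's scheme). Because the commitment is linear, a storage node can verify its coded chunk against the K commitments to the original chunks alone, and any K verified chunks reconstruct the data. The field size, the Pedersen construction, the chunk layout, the number of nodes and the sample data are all my assumptions, and the parameters are far too small to be secure.

```python
"""Toy verifiable information dispersal: linear erasure code + homomorphic
vector commitment.  Added illustration, not the authors' protocol.
Assumptions (mine): Reed-Solomon via Lagrange interpolation over F_Q;
Pedersen-style vector commitment (no blinding: binding, not hiding) in the
order-Q subgroup of Z_P^*, P = 2Q+1; Q = 1019 is a toy size with no security."""
import random

Q = 1019        # prime: field of the code and order of the commitment group
P = 2 * Q + 1   # safe prime; quadratic residues mod P form the order-Q group
M = 4           # field elements per chunk (length of the committed vector)

def make_generators(m, seed=7):
    """Fixed toy generators; squaring a random element lands in the order-Q subgroup."""
    rng = random.Random(seed)
    gens = []
    while len(gens) < m:
        g = pow(rng.randrange(2, P - 1), 2, P)
        if g != 1:
            gens.append(g)
    return gens

GENS = make_generators(M)

def commit(vec):
    """C(v) = prod_j g_j^{v_j} mod P.  Linear: C(a*v + b*w) = C(v)^a * C(w)^b."""
    acc = 1
    for g, v in zip(GENS, vec):
        acc = acc * pow(g, v % Q, P) % P
    return acc

def lagrange_weights(xs, x):
    """Weights w_i with f(x) = sum_i w_i * f(xs[i]) for any polynomial f of
    degree < len(xs) over F_Q.  Encoding, verifying and decoding reuse this map."""
    ws = []
    for i, xi in enumerate(xs):
        num, den = 1, 1
        for j, xj in enumerate(xs):
            if j != i:
                num = num * (x - xj) % Q
                den = den * (xi - xj) % Q
        ws.append(num * pow(den, Q - 2, Q) % Q)   # Fermat inverse
    return ws

def disperse(data_chunks, n):
    """K data chunks = polynomial values at 0..K-1; coded chunk x = value at x.
    Returns the K commitments the client publishes (size independent of N)
    and the chunk destined for each of the N nodes."""
    k = len(data_chunks)
    xs = list(range(k))
    commitments = [commit(d) for d in data_chunks]
    coded = {}
    for x in range(n):
        ws = lagrange_weights(xs, x)
        coded[x] = [sum(w * d[j] for w, d in zip(ws, data_chunks)) % Q
                    for j in range(M)]
    return commitments, coded

def verify_chunk(commitments, x, chunk):
    """Node x checks its chunk against the published commitments alone:
    by linearity C(chunk_x) must equal prod_i C_i^{w_i(x)}."""
    ws = lagrange_weights(list(range(len(commitments))), x)
    expected = 1
    for c, w in zip(commitments, ws):
        expected = expected * pow(c, w, P) % P
    return commit(chunk) == expected

def recover(available, k):
    """Rebuild the K data chunks from any K chunks (dict x -> chunk).  Verify
    first: an unverified forged chunk would silently corrupt the result."""
    xs = sorted(available)[:k]
    if len(xs) < k:
        raise ValueError("need %d chunks, have %d" % (k, len(xs)))
    data = []
    for t in range(k):
        ws = lagrange_weights(xs, t)
        data.append([sum(w * available[x][j] for w, x in zip(ws, xs)) % Q
                     for j in range(M)])
    return data

def demo():
    """Constructed sample: 3 data chunks on 6 nodes, 3 of which misbehave."""
    data = [[1, 2, 3, 4], [5, 6, 7, 8], [9, 10, 11, 12]]
    commitments, coded = disperse(data, 6)
    all_ok = all(verify_chunk(commitments, x, c) for x, c in coded.items())
    forged = list(coded[2])
    forged[0] = (forged[0] + 1) % Q                 # node 2 serves a bad chunk
    forged_ok = verify_chunk(commitments, 2, forged)
    survivors = {x: coded[x] for x in (1, 4, 5)}    # nodes 0, 2, 3 unreachable
    return all_ok, forged_ok, recover(survivors, 3) == data
```

The check in verify_chunk is what stops a misbehaving storage node from injecting garbage at retrieval time, and the material the client has to publish stays at K commitments no matter how many storage nodes receive chunks; in the abstract's setting the same idea lets retrieval succeed from a known, sufficiently large subset of nodes without ever falling back to an empty block.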

28 November 2021

Beersheba, Israel, 30 June - 1 July 2022
Event Calendar
Event date: 30 June to 1 July 2022
Submission deadline: 7 February 2022
Notification: 14 March 2022
Bristol, United Kingdom, 31 January - 4 February 2022
School
Event date: 31 January to 4 February 2022

27 November 2021

31 January 2023
Event Calendar
Event date: 31 January 2023
Submission deadline: 30 April 2022
Notification: 31 July 2022
Virtual event, Anywhere on Earth, 10 December - 11 December 2021
Event Calendar
Event date: 10 December to 11 December 2021
Nagasaki, Japan, 30 May -
Event Calendar
Event date: 30 May to
Submission deadline: 8 January 2022
Notification: 22 February 2022
Santa Barbara, USA, 13 August - 18 August 2022
CRYPTO
Event date: 13 August to 18 August 2022
Indian Statistical Institute, Kolkata
Job Posting
Indian Statistical Institute invites applications from duly qualified candidates for full-time faculty positions at the level of Assistant Professor and Associate Professor, to be placed at the R. C. Bose Centre for Cryptology and Security of the Institute, in Kolkata. Candidates should have a strong research background in Cryptology and Security (preferably in Cybersecurity or IoT). For details please visit https://www.isical.ac.in/sites/default/files/jobs/rcbccs_advt_2022.pdf

Closing date for applications:

Contact: rcbose@isical.ac.in

More information: https://www.isical.ac.in/sites/default/files/jobs/rcbccs_advt_2022.pdf

Ruhr-Universität Bochum
Job Posting
The newly established Chair of Information Security at RUB has multiple open positions for PhD students and postdoctoral researchers in the area of system security, particularly (but not limited to) those specializing in:

- Blockchain security and privacy: we explore how to improve the security and privacy of cryptocurrencies and modern blockchain platforms while enhancing their performance and scalability.
- Platform security: we explore how to make use of hardware support to improve the security and privacy of platforms.
- ML security and privacy: we investigate how we can improve the security of machine learning algorithms and how to securely use machine learning to secure existing platforms.

Are you excited by opportunities to work in any of those topics? Do you have a solid background in blockchain technologies, machine learning techniques, or security/privacy concepts? Are you excited about building highly performant secure systems? If so, we'd like to hear from you. If you are interested in applying, please send an email to Prof. Dr. Karame (ghassan.karame@rub.de) with your current CV and a description of why you think you are a good fit.

Closing date for applications:

Contact: Prof. Dr. Ghassan Karame


24 November 2021

SCRIPTS @ Nanyang Technological University, Singapore
Job Posting
The Strategic Centre for Research in Privacy-Preserving Technologies & Systems (SCRIPTS) at Nanyang Technological University in Singapore has several open Post-Doc Research Fellow positions, supported by a Post-Quantum Cryptography research project covering both public-key and symmetric-key cryptography, led by Prof Huaxiong Wang and Prof Jian Guo.

Your role:
  • To work, both independently and collaboratively, on a research-orientated post-quantum project including cryptanalysis and design of post-quantum public-key and symmetric-key cryptography primitives.
  • To publish in top conferences
Requirements:
  • PhD in cryptography
  • Track-record publications in Tier-1 conferences (Asiacrypt, Eurocrypt, Crypto, CCS, Usenix, IEEE S&P, NDSS)
We offer:
  • globally competitive salary package
  • a team with strong capability in development and research to work with
  • various opportunities to work with our industry partners
Duration: 2 years

Interested candidates are to send their CV and 2 reference letters. Review of applications will start immediately and continue until all positions are filled. More information about the SCRIPTS centre can be found at https://www.ntu.edu.sg/scripts

Closing date for applications:

Contact: scripts@ntu.edu.sg with subject [IACR-PQC]

More information: https://www.ntu.edu.sg/scripts

Lund University
Job Posting
The CRYSPY Lab (CRyptography, Security and PrivacY) at Lund University is looking for a Post Doctoral researcher to work on the design of post-quantum secure cryptographic solutions. We welcome applications from Ph.D. holders; the ideal candidate is expected to be motivated, able to carry out research tasks in an independent way, open to collaborating on on-going projects in a team-work fashion, and willing to perform some teaching duties. There is also time for independent research, and no restrictions on collaboration with other researchers. The application will be open until we find a suitable candidate.
Main requirements: a Ph.D. degree in Computer Science, Applied Mathematics, or a related field. Competitive research record in cryptography or information security. Strong mathematical or algorithmic background. Fluent written and verbal communication skills in English.
About the CRYSPY lab: we are about 20 researchers (counting PhD students and seniors) passionate about solving real world security issues as well as posing and addressing security challenges of a theoretical taste. We have a long history of design and cryptanalysis of symmetric ciphers and lattice-based constructions, as well as network security. More recently, we are moving towards post-quantum cryptosystems, homomorphic authenticators, privacy-aware data storage and sharing solutions.
For more info: https://www.eit.lth.se/index.php?gpuid=508&L=1 and https://epagnin.github.io

Closing date for applications:

Contact: elena.pagnin@eit.lth.se

More information: https://lu.varbi.com/en/what:job/jobID:439586/type:job/where:4/apply:1

CNRS / University of Rennes 1, France
Job Posting
We are looking for a Research Fellow (Post-Doc) to join our group. Applicants should have a background in, and be interested in working on, different aspects of lattice-based cryptography, and a strong publication record, in particular on:
    - security proofs for lattice-based schemes,
    - building and implementing lattice-based constructions.
The research will take place in the CAPSULE team (formerly called EMSEC team), within the IRISA computer science institute located in Rennes, France. To apply please send us by email your detailed CV (with publication list) and a research statement. The position has a flexible starting date, with the possibility to start in January / February 2022 or later.
Review of applications will start immediately and continue until the position is filled.

Closing date for applications:

Contact: Adeline Roux-Langlois / adeline.roux-langlois@irisa.fr and Alexandre Wallet / alexandre.wallet@inria.fr

University of Warwick, Department of Computer Science
Job Posting
There are fully funded PhD scholarships available to UK, EU and international students at the Department of Computer Science, University of Warwick. Students who are interested in pursuing a PhD in security and applied cryptography are encouraged to contact feng.hao@warwick.ac.uk with a CV.

Closing date for applications:

Contact: feng.hao@warwick.ac.uk

More information: https://warwick.ac.uk/fac/sci/dcs/people/feng_hao/openings/

CSEM, Neuchâtel / AAU, Department of Artificial Intelligence and Cybersecurity, Klagenfurt, Austria
Job Posting

You will conduct research towards a distributed intrusion detection system for constrained devices in real-world IoT applications. The intrusion detection system (IDS) you will develop will facilitate detection and containment of a security breach in the Edge, making the IoT applications of tomorrow more secure and reliable.

Your activity will be at an exciting intersection of the following fields:
  • Embedded development. The constrained nature of low-power embedded world will present you with stimulating research challenges. You will implement and test your results on real-world, low-power embedded HW platforms, maintaining a steady link between your research and practice and ensuring a real-world impact.
  • Applied security. To defend from attacks, you will get intimately familiar with them. You will acquire knowledge of different types of intrusion, how they manage to penetrate a system, and how they can be recognized.
  • Artificial intelligence. Modern IDS systems rely on AI. You will review the state of the art, select the most viable AI algorithms for an IDS in the constrained setting of IoT Edge, and carefully tweak them for the job.
  • Distributed computing. A swarm of Things in the Edge can collaboratively monitor itself much more effectively than a single device. You will combine all the above and deploy a distributed IDS on a group of constrained embedded devices, identifying the tradeoffs between efficiency and overhead.
The result of your work will be an IDS system, which will be able to make a difference in the security and reliability of real-world IoT applications.
We are looking for a student who has a Master's (or equivalent) degree in Electrical Engineering, Electronics or Computer Science with a background and passion in (most of):
  • Solid understanding of machine learning concepts and some practice
  • Proficiency with programming in C
  • Experience with embedded development is an advantage
  • Background in applied cryptography and security is an advantage
  • Fluency in English is required, proficiency in French is an advantage.
  • Good communication and interpersonal skills.

Closing date for applications:

Contact: To apply visit https://www.csem.ch/page.aspx?pid=47528&jobid=122842.
You will be based in part at CSEM (Switzerland), and in part at the Cybersecurity Research Group at AAU (Austria); you need to be eligible to work in Europe, and you need to be flexible as you will travel regularly.

More information: https://www.csem.ch/page.aspx?pid=47528&jobid=122842

University of Waterloo, Department of Combinatorics and Optimization
Job Posting

The Faculty of Mathematics at the University of Waterloo invites applications from outstanding qualified candidates for two, 2-year, prestigious postdoctoral fellowship positions. Applications are solicited from any of the research areas of the Department of Combinatorics & Optimization: Algebraic Combinatorics, Discrete Optimization, Continuous Optimization, Cryptography, Graph Theory, and Quantum Computing.

A Ph.D. degree and evidence of excellence in research are required. Successful applicants are expected to maintain an active program of research. The annual salary is $75,000. In addition, a travel fund of $15,000 per year is provided. The anticipated start date is fall 2022.

Interested individuals should apply using the MathJobs site (https://www.mathjobs.org/jobs/list/19031). Applications should include a cover letter describing their interest in the position, and names of faculty members with whom the applicant would like to interact, a curriculum vitae and research statement, and at least three reference letters.

Inquiries may be addressed to Jochen Koenemann, Chair, Department of Combinatorics and Optimization. The deadline for application is December 31, 2021.

Closing date for applications:

Contact: Jochen Koenemann (jochen@uwaterloo.ca)

More information: https://uwaterloo.ca/combinatorics-and-optimization/career-opportunities#PrestigiousPDF

University of Leuven (KU LEUVEN)
Job Posting
The Computer Security and Industrial Cryptography (COSIC) research group belongs to the Electrical Engineering Department at the KU Leuven. Research group COSIC is looking for a Postdoc researcher to work on efficient MPC protocols for privacy-preserving machine learning.
The prospective candidate will design and develop efficient MPC protocols for privacy-preserving data analytics for medical diagnostics and predictive maintenance applications. The work includes, but is not limited to, investigating machine learning algorithms that best suit MPC and that have efficient implementations over MPC. You will be working closely with tools such as SCALE-MAMBA and/or MP-SPDZ. The candidate will be part of a team in a project on Secure and Scalable Data Sharing, which will run until mid-2025.
Specific skills required:
The candidate must hold a PhD degree in Cryptography or a related subject with a strong publication record in crypto/security venues. In addition to a strong background in both public-key and symmetric cryptography, good knowledge of MPC, machine learning algorithms, and cryptographic protocols is expected. Hands-on experience with an MPC framework will be considered a merit. The candidate should also have coding experience in C/C++ and Python; experience in practical aspects of secure computation is a must.

Closing date for applications:

Contact: Please check the application procedure at https://www.esat.kuleuven.be/cosic/vacancies/ and send all requested documents to jobs-cosic@esat.kuleuven.be

More information: https://www.esat.kuleuven.be/cosic/vacancies/


23 November 2021

Alex Lombardi, Fermi Ma, Nicholas Spooner
ePrint Report
A major difficulty in quantum rewinding is the fact that measurement is destructive: extracting information from a quantum state irreversibly changes it. This is especially problematic in the context of zero-knowledge simulation, where preserving the adversary's state is essential.

In this work, we develop new techniques for quantum rewinding in the context of extraction and zero-knowledge simulation:

(1) We show how to extract information from a quantum adversary by rewinding it without disturbing its internal state. We use this technique to prove that important interactive protocols, such as the Goldreich-Micali-Wigderson protocol for graph non-isomorphism and the Feige-Shamir protocol for NP, are zero-knowledge against quantum adversaries.

(2) We prove that the Goldreich-Kahan protocol for NP is post-quantum zero knowledge using a simulator that can be seen as a natural quantum extension of the classical simulator.

Our results achieve (constant-round) black-box zero-knowledge with negligible simulation error, appearing to contradict a recent impossibility result due to Chia-Chung-Liu-Yamakawa (FOCS 2021). This brings us to our final contribution:

(3) We introduce coherent-runtime expected quantum polynomial time, a computational model that (a) captures all of our zero-knowledge simulators, (b) cannot break any polynomial hardness assumptions, and (c) is not subject to the CCLY impossibility. In light of our positive results and the CCLY negative results, we propose coherent-runtime simulation to be the right quantum analogue of classical expected polynomial-time simulation.
Fahim Rahman, Farimah Farahmandi, Mark Tehranipoor
ePrint Report
FPGA bitstream encryption and authentication can be defeated by various techniques and it is critical to understand how these vulnerabilities enable extraction and tampering of commercial FPGA bitstreams. We exploit the physical vulnerability of bitstream encryption keys to readout using failure analysis equipment and conduct an end-to-end bitstream tamper attack. Our work underscores the feasibility of supply chain bitstream tampering and the necessity of guarding against such attacks in critical systems.
Shay Gueron, Ashwin Jha, Mridul Nandi
ePrint Report
COMETv1, by Gueron, Jha and Nandi, is a mode of operation for nonce-based authenticated encryption with associated data functionality. It was one of the second round candidates in the ongoing NIST Lightweight Cryptography Standardization Process. In this paper, we study a generalized version of COMETv1, that we call gCOMET, from provable security perspective. First, we present a comprehensive and complete security proof for gCOMET in the ideal cipher model. Second, we view COMET, the underlying mode of operation in COMETv1, as an instantiation of gCOMET, and derive its concrete security bounds. Finally, we propose another instantiation of gCOMET, dubbed COMETv2, and show that this version achieves better security guarantees as well as memory-efficient implementations as compared to COMETv1.