International Association for Cryptologic Research


IACR News


25 February 2022

Ky Nguyen, Duong Hieu Phan, David Pointcheval
ePrint Report
Multi-Client Functional Encryption ($\mathsf{MCFE}$) has been considered as an important primitive for making functional encryption useful in practice. It covers the ability to compute a joint function over data from multiple parties, similar to Multi-Input Functional Encryption ($\mathsf{MIFE}$), but it handles information leakage better than $\mathsf{MIFE}$. Both the $\mathsf{MCFE}$ and $\mathsf{MIFE}$ primitives are aimed at applications in multi-user settings where decryption can be correctly output for legitimate users only. In such a setting, the problem of dealing with access control in a fine-grained manner is particularly relevant. In this paper, we introduce a framework for $\mathsf{MCFE}$ with fine-grained access control and propose constructions for both single-client and multi-client settings, with selective and adaptive security. The only known work that combines functional encryption in the multi-user setting with access control was proposed by Abdalla $\mathit{et al.}$ (Asiacrypt '20), which relies on a generic transformation from the single-client schemes to obtain $\mathsf{MIFE}$ schemes that suffer a quadratic factor of $n$ (where $n$ denotes the number of clients) in the ciphertext size. We present a duplicate-and-compress technique to transform the single-client scheme and obtain an $\mathsf{MCFE}$ with fine-grained access control scheme with only a linear factor of $n$ in the ciphertext size. Our final scheme thus outperforms the scheme of Abdalla $\mathit{et al.}$ by a factor $n$, while $\mathsf{MCFE}$ is more difficult to achieve than $\mathsf{MIFE}$ (one can obtain $\mathsf{MIFE}$ from $\mathsf{MCFE}$ by making all the labels in $\mathsf{MCFE}$ a fixed public constant).
Ward Beullens
ePrint Report
This work introduces new key recovery attacks against the Rainbow signature scheme, which is one of the three finalist signature schemes still in the NIST Post-Quantum Cryptography standardization project. The new attacks outperform previously known attacks for all the parameter sets submitted to NIST and make a key-recovery practical for the SL 1 parameters. Concretely, given a Rainbow public key for the SL 1 parameters of the second-round submission, our attack returns the corresponding secret key after on average 53 hours (one weekend) of computation time on a standard laptop.
Jan Bobolz, Fabian Eidens, Stephan Krenn, Sebastian Ramacher, Kai Samelin
ePrint Report
Attribute-based credential systems enable users to authenticate in a privacy-preserving manner. However, in such schemes verifying a user's credential requires knowledge of the issuer's public key, which by itself might already reveal private information about the user.

In this paper, we tackle this problem by introducing the notion of issuer-hiding attribute-based credential systems. In such a system, the verifier can define a set of acceptable issuers in an ad-hoc manner, and the user can then prove that her credential was issued by one of the accepted issuers -- without revealing which one.

We then provide a generic construction, as well as a concrete instantiation based on Groth's structure-preserving signature scheme (ASIACRYPT'15) and simulation-sound extractable NIZK, for which we also provide concrete benchmarks in order to prove its practicability.

The online complexity of all constructions is independent of the number of acceptable verifiers, which makes it also suitable for highly federated scenarios.
Boyue Fang, Weize Wang, Yunlei Zhao
ePrint Report
Kyber is a candidate in the third round of the National Institute of Standards and Technology (NIST) Post-Quantum Cryptography (PQC) Standardization. However, because of the protocol's independence assumption, the bound on the decapsulation failure probability resulting from the original analysis is not tight. In this work, we give a rigorous mathematical analysis of the actual failure probability calculation, and provide the Kyber security estimation in reality rather than only in a statistical sense. Our analysis does not make independence assumptions on errors, and is with respect to concrete public keys in reality. Through sample tests and experiments, we also illustrate the difference between the actual failure probability and the result given in the proposal of Kyber. The experiments show that, for Kyber-512 and Kyber-768, the failure probability resulting from the original paper is relatively conservative, but for Kyber-1024, the failure probability of some public keys is worse than claimed. This failure probability calculation for concrete public keys can also guide the selection of public keys in actual application scenarios. What's more, we measure the gap between the upper bound of the failure probability and the actual failure probability, then give a tight estimate. Our work can also re-evaluate the traditional $1-\delta$ correctness in the literature, which will help re-evaluate some candidates' security in the NIST post-quantum cryptographic standardization.
Gweonho Jeong, Nuri Lee, Jihye Kim, Hyunok Oh
ePrint Report
With the rapid growth of the blockchain market, privacy and security issues for digital assets are becoming more and more important. In the most widely used public blockchains such as Bitcoin and Ethereum, all activities on user accounts are publicly disclosed, which also violates privacy regulations such as the EU GDPR. Encryption of accounts and transactions may protect privacy, but it also raises issues of validity and transparency: encrypted information alone cannot verify the validity of a transaction and makes it difficult to meet anti-money laundering requirements, i.e. auditability.

To solve the above problem, we propose an auditable zero-knowledge transfer framework called Azeroth. Azeroth connects a zero-knowledge proof to an encrypted transaction, enabling its validity to be checked while protecting its privacy. Azeroth also allows authorized auditors to audit transactions. Azeroth is designed as a smart contract for flexible deployment on top of an existing blockchain. According to the result of our experiment, the additional time required to generate a proof is about 901 ms. The security of Azeroth is formally proven under the cryptographic assumptions.
Vienna, Austria, 23 August - 26 August 2022
Event Calendar
Event date: 23 August to 26 August 2022
Submission deadline: 6 March 2022
Notification: 16 May 2022
-
Event Calendar
Event date: to
Submission deadline: 23 November 2022
Notification: 23 January 2023
-
Event Calendar
Event date: to
Submission deadline: 1 September 2022
Notification: 1 November 2022
-
Event Calendar
Event date: to
Submission deadline: 1 June 2022
Notification: 1 August 2022
-
Event Calendar
Event date: to
Submission deadline: 1 June 2022
Notification: 1 August 2022
-
Event Calendar
Event date: to
Submission deadline: 1 March 2022
Notification: 1 May 2022
Norwegian University of Science and Technology (NTNU)
Job Posting
We have a vacancy for a Postdoctoral Fellow in Fully Homomorphic Encryption (FHE) at IIK. The first year of the position is funded by Intel and we will work in collaboration with our partners there, our main point of contact being Flavio Bergamaschi. The project leader on the NTNU side is Dr. Anamaria Costache. The project has two main deliverable goals. The first one is cryptanalysis of existing schemes, and the second one is developing a framework to assess the threat model while deploying an HE solution.

Closing date for applications:

Contact: Anamaria Costache

More information: https://www.jobbnorge.no/en/available-jobs/job/221390/postdoctoral-fellow-in-fully-homomorphic-encryption#?p=1

Panther Protocol
Job Posting
Panther Protocol is building an end-to-end privacy protocol for digital assets (zAssets), which can be deployed in a compliant way on any public blockchain. We have ambitious plans to provide financial privacy and give economic freedom to people and institutions, in a compliant way. We are looking to expand our team with extraordinary individuals who share our core values in financial privacy and freedom. Successful applicants will join an experienced and dynamic international team with a cumulative experience of 46 years in the Blockchain industry, 66 years in Finance, and 40+ years in Cryptography. You can read more about the project on our website: https://pantherprotocol.io/

We are recruiting an Applied Mathematician who will work closely with our CTO, Game Theorist and the larger team consisting of Researchers and Software Developers. Work with the team on interesting problems and implement solutions from published papers for the areas that we work on (DeFi, Game Theory and Blockchain) using C/Rust or another programming language.

Closing date for applications:

Contact: Martin Raeburn

More information: https://apply.workable.com/panther-protocol/j/8C5930FE61/

University of Stuttgart, Institute of Information Security
Job Posting
The Institute of Information Security at University of Stuttgart offers

fully-funded Postdoc and PhD positions in formal verification.

Successful candidates are expected to carry out research on tool-supported formal verification methods for security-critical systems and security protocols in our new REPROSEC initiative (https://reprosec.org/). See, e.g., our work at ACM CCS 2021 and EuroS&P 2021 on DY*.

The positions are available immediately with an internationally competitive salary, ranging from about 4.000 Euro to 6.200 Euro monthly gross salary. The employment periods are between one and six years, following the German Wissenschaftszeitvertragsgesetz (WissZeitVg).

The Institute of Information Security offers a creative international environment for top-level international research in Germany's high-tech region.

You should have a Master's degree or a Ph.D. (or should be very close to completion thereof) in Computer Science, Mathematics, Cyber Security, or a related field. We value excellent analytical skills and

  • solid knowledge of logic, proofs and/or formal verification techniques (Theorem Proving, Type Checking, etc.), and
  • solid programming experience.
Knowledge in cryptography/security is not required, but a plus. Knowledge of German is not required.

See https://www.sec.uni-stuttgart.de/institute/job-openings/ for the official job announcement and details of how to apply.

The deadline for applications is

March 13th, 2022.

Late applications will be considered until the positions are filled.

Closing date for applications:

Contact: Prof. Ralf Küsters

University of Stuttgart, Institute of Information Security, ralf.kuesters@sec.uni-stuttgart.de

More information: https://sec.uni-stuttgart.de

Villanova University, Department of Electrical and Computer Engineering, Villanova, PA, USA
Job Posting
One Ph.D. position opening, focusing on homomorphic encryption and related neural network accelerator design, at Dr. Jiafeng Harvest Xie's Security and Cryptography (SAC) Lab (https://www.ece.villanova.edu/~jxie02/lab/) in Department of Electrical and Computer Engineering, Villanova University, Villanova, PA, USA.

Villanova University ranks #49 among National Universities in the USA. The campus is located in Villanova, Pennsylvania (a western suburb of Philadelphia). Famous alumni include the current First Lady of the USA!

The neighborhood around campus is quiet and safe and is regarded as the most comfortable area in Philadelphia. Currently, all our students are working from home with on-campus optional.

Requirements: Preferably a major in CE/CS/EE. Applied Mathematics/Cryptography related majors are also good!

Proficiency in both speaking and writing of English.

Skillful in programming languages such as VHDL/Verilog, C/C++, Python. FPGA-based experience is a desirable plus. Great enthusiasm for doing research-oriented tasks. Excellent team member.

Degree: both BS and MS graduates are welcome to apply.

Deadline: better to start in Fall 2022 (Summer 2022 is also ok). The position is open until it is filled.

The lab atmosphere is peaceful and harmonious. Advisor and senior Ph.D. student will guide you to get started and you will not be fighting alone!!!

Email: jiafeng.xie@villanova.edu

Closing date for applications:

Contact: Jiafeng Harvest Xie

More information: https://www.ece.villanova.edu/~jxie02/lab/

Paderborn University, Department of Computer Science, Paderborn, Germany
Job Posting
At the Department of Computer Science, which is part of the Faculty of Computer Science, Electrical Engineering and Mathematics, this PostDoc position is to be filled in the working group Codes and Cryptography. It's a full-time position in the field of post-quantum cryptography, available immediately and with a flexible start date.

The position is limited to a period of 3 years.

Your tasks:

• Research in the field of post-quantum cryptography

• Teaching to the extent of 4 hours a week

• Participation in the Department of Computer Science

Your profile:

• Doctorate degree in the field of cryptography

• Expertise in one of these areas: post-quantum cryptography, lattice-based cryptography

• Experience in the field of quantum algorithms or quantum complexity is an advantage

If you are interested, please send an email including your detailed CV and a list of publications to bloemer@upb.de. Applications will be reviewed continuously until the position is filled.

Closing date for applications:

Contact: Prof. Dr. Johannes Blömer (bloemer@upb.de)

More information: https://cs.uni-paderborn.de/en/cuk-1/research

QPQ
Job Posting
Do you have a Master/PhD, research or coding experience in the area of Applied Cryptology? Do you want to design, code and co-invent the next generation of Distributed Systems protocols?
At QPQ, we are building the Internet of Economics, a new approach to a compliant and regulated financial systems infrastructure. Join a team of mathematicians, computer scientists, engineers and self-taught individuals. We give you
- A stimulating, Socratic intellectual environment. As Socratic implies, we want you to have a voice. We do not recruit brilliant people to put them in boxes, we recruit brilliant people so they can push the horizons even further
- Hybrid office approach – we have been a distributed workforce from the start. This role is centred around our European axis, so we expect you to live within +/- 2 hours of CET. We get together a complete team every quarter, so you must be willing to travel and embrace being part of a diverse team drawn from many walks of life and cultures
- Competitive salary, travel expense budget and many opportunities to participate in the company’s growth
Responsibilities:
- Perform research and engineering on cryptographic protocols
- Working with a multi-faceted team of practitioners on a set of blockchain-based privacy protocols interacting with the DeFi space and providing compliance with financial regulations
Requirements:
- Master or Ph.D. in cryptography or a closely related field
- Be able to prototype protocols/schemes/algorithms in at least one relevant programming language
- Have a thorough approach and be committed to high quality output
- Be eager to learn new topics and tools, proactive, self-driven approach and problem-solving mindset
- Good communication and collaboration skills
- Able to proactively identify which activities can benefit the project the most in the shortest period of time, communicate, and execute on their ideas without needing to be micromanaged
- Full-time availability with flexible working hours
- Nice to be familiar with blockchain, DeFi space and general understanding of full-stack system architecture
- Nice to have knowledge of zk proof systems

Closing date for applications:

Contact: Apply as soon as possible with a CV, a video, or anything that will showcase your abilities. Person in contact: Emanuele Ragnoli (eragnoli@qpq.io)

QPQ
Job Posting
We are building the Internet of Economics, a new approach to a compliant and regulated financial systems infrastructure. Join a team of mathematicians, computer scientists, engineers and self-taught individuals. What do we give you?
• A stimulating, Socratic intellectual environment. As Socratic implies, we want you to have a voice. We do not recruit brilliant people to put them in boxes, we recruit brilliant people, so they can push the horizons even further
• Hybrid office approach. This role is centred around our European axis, so we expect you to live within +/- 2 hours of CET. We get together a complete team every quarter, so you must be willing to travel and embrace being part of a diverse team drawn from many walks of life and cultures
• Competitive salary, travel expense budget and many opportunities to participate in the company’s growth
Responsibilities:
- Perform research and engineering on cryptographic protocols
- Have a leading role in the cryptography team in defining and applying protocols
- Working with a multi-faceted team of practitioners on a set of blockchain-based privacy protocols interacting with the DeFi space and providing compliance with financial regulations
Requirements:
- Master or Ph.D./Multi-year working experience in cryptography or a closely related field
- Knowledge of modern cryptographic primitives
- Be able to prototype protocols/schemes/algorithms in at least one relevant programming language
- Be familiar with the blockchain and DeFi space
- General understanding of full-stack system architecture
- Have a thorough approach and be committed to high quality output. Have prior research/code already published in the space
- Excellent communication and collaboration skills
- Be eager to learn new topics and tools, proactive, self-driven approach and problem-solving mindset
- Able to proactively identify which activities can benefit the project the most in the shortest period of time, communicate, and execute on their ideas without needing to be micromanaged
- Full-time availability with flexible working hours
- Nice to have knowledge of modern, efficient zk-proofs

Closing date for applications:

Contact: Apply as soon as possible with a CV, a video, or anything that will showcase your abilities. Person in contact: Emanuele Ragnoli (eragnoli@qpq.io)

University of Birmingham, UK
Job Posting
The University of Birmingham’s Centre for Cyber Security and Privacy is looking for a research fellow (postdoc) to work on our EPSRC-funded project "CAP-TEE: Capability Architectures in Trusted Execution".

In this project, we use capability architectures (as e.g. developed by the CHERI project) to protect trusted execution against such state-of-the-art attacks. We address a wide range of threats from software vulnerabilities such as buffer overflows to hardware attacks like fault injection and side-channel analysis. CAP-TEE provides a strong, open-source basis for the future generation of more secure TEEs.

Applicants should have a PhD, or be close to completing a PhD, in a relevant subject (security, crypto, electrical engineering, maths, etc.). We also consider non-PhD applicants with strong industry experience. We expect experience in writing system-level or low-level code in programming languages such as C, C++, or Rust. Skills in other relevant areas, e.g. FPGA development, side-channel attacks, or binary analysis/exploitation, are desirable.

Please contact David Oswald (d.f.oswald@bham.ac.uk) for informal enquiries. You can apply online until 25 March 2022: https://bham.taleo.net/careersection/external/jobdetail.ftl?job=2200004N&tz=GMT%2B00%3A00&tzname=Europe%2FLondon

Closing date for applications:

Contact: David Oswald
d.f.oswald@bham.ac.uk
https://www.cs.bham.ac.uk/~oswalddf/

More information: https://bham.taleo.net/careersection/external/jobdetail.ftl?job=2200004N&tz=GMT%2B00%3A00&tzname=Europe%2FLondon

Worldline
Job Posting
We are looking for an “R&D researcher Crypto & Privacy” to reinforce our Worldline “Trust & Intelligence” Labs team. The Worldline Labs team provides cross-functional Research and Development activity for all business units on new IT technologies and their potential value for our Worldline products and offers. The department ensures a first level of technology monitoring and collaborates with academic labs, industrial partners, start-ups and Worldline business lines on innovative projects at country or European level.

Your day-to-day responsibilities include:
• Select and refine privacy-preserving technologies (stay on top of the state of the art and experiment with them)
• Handle subjects such as Privacy-preserving Payment, Identity, Machine Learning and Data collaboration missions
• Actively support our innovation teams requiring cryptographic solutions
• Manage the Biometrics in-shop, IoT decentralized identity and Quantum-safe signatures topics
• Support our Web 3.0 | DLT research with its strong cryptographic foundations
• Contribute to the Privacy-preserving DLT, anonymous auctions and SSID
• Present the value of the technologies you explore to internal and external audiences

Skills we can’t do without:
• Graduate degree in engineering or Master background in cryptography, mathematics or IT fields.
• Confirmed experience (3-4 years) in cryptography or privacy preservation (applied or research oriented); blockchain is a plus.
• Proficiency in English is required. French knowledge is a plus.
• You are known for your autonomous, ambitious, analytical, business-minded and inventive approach.
• Being able to integrate into a diverse team of researchers, engineers and innovators.
• Outstanding interpersonal skills; assure support and collaborate with product and customer teams.
• Several locations possible: Paris, Seclin, Blois, Tours, Lyon, Brussels (BE)

Closing date for applications:

Contact: Bianka Kozma

More information: https://performancemanager.successfactors.eu/sf/jobreqpvt?jobId=238453&company=Worldline&st=C933D80914D042FC427C16CDE1126B7032792DE8
