International Association for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage.

14 March 2022

Dung Bui, Geoffroy Couteau
ePrint Report
Pseudorandom correlation generators (PCG) allow two parties to generate long correlated pseudorandom strings with minimal communication. Since secure computation applications typically benefit from such protocols, we explore the use of PCG to improve private set intersection (PSI) protocols. We obtain two main results.

In our first result, we construct a new highly optimized semi-honest PSI. Our protocol builds upon the protocol of (Kolesnikov et al., CCS 2016), and significantly improves it using multiple optimizations, including a new oblivious pseudorandom function (built from a PCG for the subfield-VOLE correlation), and a new technique to handle a generalized variant of Cuckoo hashing tailored to our setting. For sets with elements of size $\ell$ bits with $\ell \leq 70$, our protocol outperforms all known PSI protocols, by as much as $42\%$ when $\ell = 32$ and with $n = 2^{20}$ items (compared to the best known protocol of (Rindal and Schoppmann, Eurocrypt 2021), enhanced with recent improvements). For these parameters, the communication of our protocol is extremely small: only $129n$ bits of total communication.

In our second result, we use a PCG for a new correlation, called the subfield ring-OLE correlation. We construct a new protocol with attractive features: competitive communication with the state of the art, and fully malicious security in the standard model (no random oracle or tailored assumptions on hash functions). To our knowledge, our protocol outperforms by a large margin all previous protocols in the standard model, and is competitive even with ROM-based protocols. Furthermore, our protocol leads to a batch non-interactive PSI, where (after a one-time short interaction) a client can broadcast a single compact encoding of its dataset, and compute its intersection with the datasets of multiple servers after receiving a single message from each server.
Dandan Yuan, Shujie Cui, Giovanni Russello
ePrint Report
Verifiable Dynamic Searchable Symmetric Encryption (VDSSE) enables users to securely outsource databases (document sets) to cloud servers and perform searches and updates. The verifiability property prevents users from accepting incorrect search results returned by a malicious server. However, we discover that the community currently focuses only on preventing malicious behavior from the server and ignores incorrect updates from the client, which are very likely to happen since there is no record on the client to check against. Indeed, most existing VDSSE schemes are not sufficient to tolerate incorrect updates from the client. For instance, deleting a nonexistent keyword-identifier pair can break their correctness and soundness.

In this paper, we demonstrate the vulnerabilities of a class of existing VDSSE schemes that cause them to fail to ensure the correctness and soundness properties under incorrect updates. We propose an efficient fault-tolerant solution that can take any DSSE scheme as a black box and turn it into a fault-tolerant VDSSE in the malicious model. Forward privacy is an important property of DSSE that prevents the server from linking an update operation to previous search queries. Our approach can also turn any forward-secure DSSE scheme into a fault-tolerant VDSSE without breaking the forward security guarantee.

In this work, we take FAST [1] (TDSC 2020), a forward secure DSSE, as an example, implement a prototype of our solution, and evaluate its performance. Even when compared with the previous fastest forward private construction that does not support fault tolerance, the experiments show that our construction saves 9× client storage and has better search and update efficiency.
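To make the failure mode concrete, here is a constructed toy added as an illustration; it is not the authors' scheme, not FAST, and not the paper's black-box transformation. The first client keeps, per keyword, only an XOR-of-PRF digest over the identifiers it believes are stored. A delete of an identifier that was never added toggles a phantom term into that digest, so the honest server's correct answer is rejected (correctness breaks) while a forged answer containing the phantom identifier passes (soundness breaks). The second client instead commits to the update history with a hash chain and derives the result set itself, so the erroneous delete is verified as the no-op it is. Encryption and forward privacy are deliberately omitted, the server's index is plaintext, and the key, keyword and document identifiers are made up.

```python
"""Toy client-side verification for a dynamic searchable index, showing how a
set digest breaks on an incorrect delete and how a history digest tolerates it.
Constructed example: no encryption, plaintext index on the server, made-up key,
keyword and document identifiers. Not the paper's scheme or transformation."""
import hashlib
import hmac

KEY = b"\x11" * 32  # constructed client key
ZERO = bytes(32)


def prf(msg: bytes) -> bytes:
    return hmac.new(KEY, msg, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class HonestServer:
    """Stands in for the (normally encrypted) index: keeps the id set per
    keyword and the raw update history per keyword."""
    def __init__(self):
        self.index = {}    # keyword -> set of ids
        self.history = {}  # keyword -> list of (op, id)

    def update(self, kw, op, ident):
        self.history.setdefault(kw, []).append((op, ident))
        ids = self.index.setdefault(kw, set())
        if op == "add":
            ids.add(ident)
        else:
            ids.discard(ident)  # deleting an absent id changes nothing here

    def search(self, kw):
        return sorted(self.index.get(kw, set()))

    def search_history(self, kw):
        return list(self.history.get(kw, []))


class SetDigestClient:
    """Per keyword the client keeps only XOR of PRF(id) over the ids it believes
    are stored. Add and delete both toggle PRF(id); with no id list to check
    against, a delete of a never-added id toggles in a phantom term."""
    def __init__(self):
        self.digest = {}

    def update(self, server, kw, op, ident):
        self.digest[kw] = xor(self.digest.get(kw, ZERO), prf(ident.encode()))
        server.update(kw, op, ident)

    def verify(self, kw, result):
        d = ZERO
        for ident in result:
            d = xor(d, prf(ident.encode()))
        return d == self.digest.get(kw, ZERO)


class HistoryDigestClient:
    """Per keyword the client keeps a hash chain over the update sequence. The
    server returns the whole history; the client checks the chain and replays
    it, so an incorrect delete is simply a no-op during replay."""
    def __init__(self):
        self.digest = {}

    @staticmethod
    def link(prev, op, ident):
        return prf(prev + op.encode() + b"|" + ident.encode())

    def update(self, server, kw, op, ident):
        self.digest[kw] = self.link(self.digest.get(kw, ZERO), op, ident)
        server.update(kw, op, ident)

    def verified_search(self, server, kw):
        chain, ids = ZERO, set()
        for op, ident in server.search_history(kw):
            chain = self.link(chain, op, ident)
            (ids.add if op == "add" else ids.discard)(ident)
        if chain != self.digest.get(kw, ZERO):
            return None  # history truncated, reordered or forged
        return sorted(ids)


def demo_set_digest():
    """Returns (honest result accepted before the bad delete,
    honest result accepted after it, forged result accepted after it)."""
    srv, cli = HonestServer(), SetDigestClient()
    cli.update(srv, "kw", "add", "doc1")
    cli.update(srv, "kw", "add", "doc2")
    before = cli.verify("kw", srv.search("kw"))
    cli.update(srv, "kw", "del", "doc9")  # doc9 was never added
    honest = cli.verify("kw", srv.search("kw"))
    forged = cli.verify("kw", sorted(srv.search("kw") + ["doc9"]))
    return before, honest, forged


def demo_history_digest():
    """Returns (verified result despite the bad delete, result after the
    server tampers with the history)."""
    srv, cli = HonestServer(), HistoryDigestClient()
    cli.update(srv, "kw", "add", "doc1")
    cli.update(srv, "kw", "add", "doc2")
    cli.update(srv, "kw", "del", "doc9")
    honest = cli.verified_search(srv, "kw")
    srv.history["kw"].append(("add", "doc9"))  # malicious server edits history
    return honest, cli.verified_search(srv, "kw")


if __name__ == "__main__":
    print("set digest (before, honest, forged):", demo_set_digest())
    print("history digest (honest, tampered):  ", demo_history_digest())
```

The history-based client is only one simple way to tolerate bad updates: it trades the set digest's constant-size check for a verification cost proportional to the keyword's update history, and it says nothing about how the paper's construction obtains fault tolerance or preserves forward privacy.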
Vivian Fang, Lloyd Brown, William Lin, Wenting Zheng, Aurojit Panda, Raluca Ada Popa
ePrint Report
The last decade has seen an explosion in the number of new secure multi-party computation (MPC) protocols that enable collaborative computation on sensitive data. No single MPC protocol is optimal for all types of computation. As a result, researchers have created hybrid-protocol compilers that translate a program into a hybrid protocol that mixes different MPC protocols. Hybrid-protocol compilers crucially rely on accurate cost models, which are handwritten by the compilers' developers, to choose the correct schedule of protocols.

In this paper, we propose CostCO, the first automatic MPC cost modeling framework. CostCO develops a novel API to interface with a variety of MPC protocols, and leverages domain-specific properties of MPC in order to enable efficient and automatic cost-model generation for a wide range of MPC protocols. CostCO employs a two-phase experiment design to efficiently synthesize cost models of the MPC protocol’s runtime as well as its memory and network usage. We verify CostCO’s modeling accuracy for several full circuits, characterize the engineering effort required to port existing MPC protocols, and demonstrate how hybrid-protocol compilers can leverage CostCO’s cost models.
Akiko Inoue, Kazuhiko Minematsu
ePrint Report
Authenticated encryption (AE) is a symmetric-key encryption function that provides confidentiality and authenticity of a message. One of the evaluation criteria for AE is state size, the memory size needed for encryption. State size is especially important when a cryptosystem is implemented in constrained devices, while a trivial reduction by using a small primitive is not generally acceptable as it leads to degraded security. Recently, the state size of AE has been very actively studied and a number of small-state AE schemes have been proposed, but they are inherently serial. It is a natural question whether we can come up with a parallelizable AE with a smaller state size than the state of the art.

In this paper, we study the seminal OCB mode for parallelizable AE and propose a method to reduce its state size without losing its bit security. More precisely, while (the smallest-state variant of) OCB has a $3n$-bit state, by carefully treating a halved checksum we can achieve a $2.5n$-bit state while keeping the $n/2$-bit security of the original. We also propose an inverse-free variant based on OTR. While the original OTR has a $4n$-bit state, ours has a $3.5n$-bit state. To our knowledge these numbers are the smallest achieved by blockcipher modes for parallel AE and inverse-free parallel AE.
Rachit Garg, Rishab Goyal, George Lu
ePrint Report
Functional Encryption (FE) is a powerful notion of encryption which enables computations and partial message recovery of encrypted data. In FE, each decryption key is associated with a function $f$ such that decryption recovers the function evaluation $f(m)$ from an encryption of $m$. Informally, security states that a user with access to function keys $sk_{f_1}, sk_{f_2}, \ldots$ (and so on) can only learn $f_1(m), f_2(m), \ldots$ (and so on) but nothing more about the message. The system is said to be $q$-bounded collusion resistant if the security holds as long as an adversary gets access to at most $q = q(\lambda)$ decryption keys. In the last decade, numerous works have proposed many FE constructions from a wide array of algebraic and general cryptographic assumptions, and proved their security in the bounded collusion model.

However, until very recently, all these works studied bounded collusion resistance in a "static model", where the collusion bound $q$ was a global system parameter. While the static collusion model led to great research progress in the community, it has many major drawbacks. Very recently, Agrawal et al. (Crypto 2021) and Garg et al. (Eurocrypt 2022) independently introduced the dynamic model for bounded collusion resistance, where the collusion bound $q$ was a fluid parameter that was not globally set but only chosen by each encryptor. The dynamic collusion model enabled harnessing the many virtues of the static collusion model, while avoiding its various drawbacks.

In this work, we give a simple and generic approach to upgrade any scheme from the static collusion model to the dynamic collusion model. Our result captures all existing results in the dynamic model in the form of a single unified framework, and also gives new results as simple corollaries with a lot more potential in the future. An interesting artifact of our result is that it gives a generic way to match existing lower bounds in functional encryption.
Daniel R. L. Brown
ePrint Report
Lattice cryptography uses fixed primes. Kolmogorov’s descriptional complexity of the primes might interest the numerically curious.
Lennert Wouters, Benedikt Gierlichs, Bart Preneel
ePrint Report
We investigate the susceptibility of the Texas Instruments SimpleLink platform microcontrollers to non-invasive physical attacks. We extracted the ROM bootloader of these microcontrollers and then analysed it using static analysis augmented with information obtained through emulation. We demonstrate a voltage fault injection attack targeting the ROM bootloader that allows an adversary to enable debug access on a previously locked microcontroller within seconds. Information provided by Texas Instruments reveals that one of our voltage fault injection attacks abuses functionality that is left over from the integrated circuit manufacturing process. The demonstrated physical attack allows an adversary to extract the firmware (i.e. intellectual property) and to bypass secure boot. Additionally, we mount side-channel attacks and differential fault analysis attacks on the hardware AES co-processor. To demonstrate the practical applicability of these attacks we extract the firmware from a Tesla Model 3 key fob. This paper describes a case study covering Texas Instruments SimpleLink microcontrollers. Similar attack techniques can be, and have been, applied to microcontrollers from other manufacturers. The goal of our work is to document our analysis methodology and to ensure that system designers are aware of these vulnerabilities. They will then be able to take these into account during the product design phase. All identified vulnerabilities were responsibly disclosed.
Arthur Beckers, Lennert Wouters, Benedikt Gierlichs, Bart Preneel, Ingrid Verbauwhede
ePrint Report
We evaluate eight implementations of provable secure side-channel masking schemes that were published in top-tier academic venues such as Eurocrypt, Asiacrypt, CHES and SAC. Specifically, we evaluate the side-channel attack resistance of eight open-source and first-order side-channel protected AES-128 software implementations on the Cortex-M4 platform. Using a T-test based leakage assessment we demonstrate that all implementations produce first-order leakage with as little as 10,000 traces. Additionally, we demonstrate that all except for two Inner Product Masking based implementations are vulnerable to a straightforward correlation power analysis attack. We provide an assembly level analysis showing potential sources of leakage for two implementations. Some of the studied implementations were provided for benchmarking purposes. We demonstrate several flaws in the benchmarking procedures and question the usefulness of the reported performance numbers in the face of the implementations’ poor side-channel resistance. This work serves as a reminder that practical evaluations cannot be omitted in the context of side-channel analysis.
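The fixed-versus-random Welch t-test referred to above, run on constructed, simulated traces (an added example, not the authors' code or measurements). The leakage model is idealised: each sample is the Hamming weight of the intermediate a device handles plus Gaussian noise, and the key byte, fixed plaintext and noise level are made up. The example also goes one step beyond the abstract: it applies the standard centered-product preprocessing to show that a correctly first-order masked device passes the first-order test yet is caught at second order, which is the baseline against which the paper's finding (first-order leakage from all eight masked implementations) should be read.

```python
"""Welch t-test (TVLA) leakage assessment on constructed, simulated traces.
Added example: the key, plaintext choice and noise model are made up."""
import random
from math import sqrt

THRESHOLD = 4.5      # conventional |t| threshold for a leakage verdict
KEY_BYTE = 0x2B      # constructed secret key byte
FIXED_PT = KEY_BYTE  # fixed plaintext chosen so HW(p ^ k) == 0 in the fixed class


def hw(x: int) -> int:
    """Hamming weight of a byte, the usual power model for a register write."""
    return bin(x & 0xFF).count("1")


def simulate_trace(pt, rng, masked, sigma=1.0):
    """Samples an idealised leaky device exposes for one first-round AddRoundKey.
    Unmasked: one sample leaking HW(p ^ k). Masked: the share (p ^ k) ^ m and
    the mask m are handled at two different sample points."""
    v = pt ^ KEY_BYTE
    if masked:
        m = rng.randrange(256)
        points = [hw(v ^ m), hw(m)]
    else:
        points = [hw(v)]
    return [p + rng.gauss(0.0, sigma) for p in points]


def collect(n, rng, masked):
    """Two sets of n traces: fixed plaintext vs. uniformly random plaintext."""
    fixed = [simulate_trace(FIXED_PT, rng, masked) for _ in range(n)]
    rand = [simulate_trace(rng.randrange(256), rng, masked) for _ in range(n)]
    return fixed, rand


def welch_t(a, b):
    """Welch's t-statistic between two samples of possibly unequal variance."""
    na, nb = len(a), len(b)
    ma, mb = sum(a) / na, sum(b) / nb
    va = sum((x - ma) ** 2 for x in a) / (na - 1)
    vb = sum((x - mb) ** 2 for x in b) / (nb - 1)
    return (ma - mb) / sqrt(va / na + vb / nb)


def first_order(fixed, rand):
    """|t| per sample point; any value above THRESHOLD flags first-order leakage."""
    return [abs(welch_t([t[i] for t in fixed], [t[i] for t in rand]))
            for i in range(len(fixed[0]))]


def centered_product(traces, i, j):
    """Second-order preprocessing: product of the two mean-centred sample points."""
    mi = sum(t[i] for t in traces) / len(traces)
    mj = sum(t[j] for t in traces) / len(traces)
    return [(t[i] - mi) * (t[j] - mj) for t in traces]


def second_order(fixed, rand, i=0, j=1):
    return abs(welch_t(centered_product(fixed, i, j), centered_product(rand, i, j)))


def assess(n_traces=5000, masked=False, seed=1):
    """Run the assessment; returns the verdicts and the raw statistics."""
    rng = random.Random(seed)
    fixed, rand = collect(n_traces, rng, masked)
    t1 = first_order(fixed, rand)
    t2 = second_order(fixed, rand) if masked else None
    return {
        "first_order": t1,
        "leaks_first_order": max(t1) > THRESHOLD,
        "second_order": t2,
        "leaks_second_order": t2 is not None and t2 > THRESHOLD,
    }


if __name__ == "__main__":
    for masked in (False, True):
        r = assess(masked=masked)
        print("masked" if masked else "unmasked",
              "t1=%s" % ["%.1f" % t for t in r["first_order"]],
              "t2=%s" % (None if r["second_order"] is None else "%.1f" % r["second_order"]),
              "LEAK" if r["leaks_first_order"] or r["leaks_second_order"] else "pass")
```

On real traces the same per-sample statistic is computed over every point of the waveform rather than one or two, the fixed class must be interleaved with the random class during acquisition, and a |t| above 4.5 at any point is evidence of a distinguishable distribution, not yet a key recovery; the correlation attack the authors mount is the step that turns such leakage into key bytes.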
Pierre Civit, Maria Potop-Butucaru
ePrint Report
This work extends the composable secure-emulation of Canetti et al. to dynamic settings. Our work builds on top of dynamic probabilistic I/O automata, a recent framework introduced to model dynamic probabilistic systems. Our extension is an important tool towards the formal verification of protocols combining probabilistic distributed systems and cryptography in dynamic settings (e.g. blockchains, secure distributed computation, cybersecure distributed protocols etc).
Michail Moraitis, Elena Dubrova
ePrint Report
Hardware obfuscation by redundancy addition is a well-known countermeasure against reverse engineering. For FPGA designs, such a technique can be implemented with a small overhead, however, its effectiveness is heavily dependent on the stealthiness of the redundant elements. Since there are powerful tools for combinational redundancy removal, opting for sequential redundancy is believed to result in stronger obfuscation. However, in this paper, we demonstrate that it is possible to identify sequential redundancy in obfuscated SRAM FPGA designs by ensuring the full controllability of each instantiated look-up table input via iterative bitstream modification. The presented algorithm works directly on bitstream and does not require the possession of a flattened netlist. The feasibility of our approach is verified on the example of an obfuscated SNOW 3G design implemented in a Xilinx 7-series FPGA.

13 March 2022

Karlsruhe, Deutschland, 29 September - 30 September 2022
Event Calendar
Event date: 29 September to 30 September 2022
Submission deadline: 10 June 2022
Notification: 12 August 2022
Bergen, Norway, 11 September - 16 September 2022
Event Calendar
Event date: 11 September to 16 September 2022
Submission deadline: 30 April 2022
Notification: 30 June 2022
Virtual event, Anywhere on Earth, 28 September - 30 September 2022
Event Calendar
Event date: 28 September to 30 September 2022
Submission deadline: 10 May 2022
Notification: 13 July 2022

11 March 2022

CNRS / University of Rennes 1, France
Job Posting
We are looking for a Research Fellow (Post-Doc) to join our group. Applicants should have a background in, and an interest in working on, different aspects of lattice-based cryptography, and a strong publication record, in particular on:
    - security proofs for lattice-based schemes,
    - building and implementing lattice-based constructions.
Profile:
    - Doctorate degree in the field of cryptography,
    - Expertise in one of these areas: public key cryptography, lattice-based cryptography.
The research will take place in the CAPSULE team (formerly called the EMSEC team), within the IRISA computer science institute located in Rennes, France. To apply, please send both of us by email your detailed CV (with publication list) and a research statement.
The position is for two years, possibly up to three, and has a flexible starting date.
Review of applications will start immediately and continue until the position is filled.


Contact: Adeline Roux-Langlois (adeline.roux-langlois@irisa.fr) and Alexandre Wallet (alexandre.wallet@inria.fr)

Status.im, Remote
Job Posting

Status is building the tools and infrastructure for the advancement of a secure, private, and open web3, through research, the creation of developer tools, and the support of the open-source community.

Currently, our Blockchain Infrastructure Team is researching consensus algorithms, Multi-Party Computation techniques, ZKPs, and other cutting-edge solutions with the aim to take blockchain technology to the next level of security, decentralization, and scalability for a wide range of use cases.

Some of the responsibilities:

- Analyze the team’s technical proposals and look for potential flaws.

- Identify opportunities to provide mathematical proofs to the protocols developed by the team.

- Analyze mathematically the parameter space of complex algorithms.

- Describe mechanisms to better understand, analyze and prove the correctness of the ideas and designs produced by the team.

- Work on mathematical proofs for the team algorithms and protocol designs.

- Propose improvements to the algorithms and protocols developed by the team.

- Propose new solutions to the problems tackled by the team.

- Write documentation and scientific papers with the highest standards of quality.

- Strive to constantly set the highest scientific standards for the team’s research.


Contact: Maya

More information: https://jobs.status.im/?gh_jid=4012660

Technology Innovation Institute (TII) - Abu Dhabi, UAE
Job Posting

Technology Innovation Institute (TII) is a publicly funded research institute, based in Abu Dhabi, United Arab Emirates. It is home to a diverse community of leading scientists, engineers, mathematicians, and researchers from across the globe, transforming problems and roadblocks into pioneering research and technology prototypes that help move society ahead.

Cryptography Research Centre

In our connected digital world, secure and reliable cryptography is the foundation of digital information security and data integrity. We address the world’s most pressing cryptographic questions. Our work covers post-quantum cryptography, lightweight cryptography, cloud encryption schemes, secure protocols, quantum cryptographic technologies and cryptanalysis.

Position: Privacy Researcher

  • Conduct research on state-of-the-art Privacy Enhancing Technologies
  • Analyze project requirements and provide technical and functional recommendations
  • Design and implement building blocks that apply privacy-preserving cryptographic techniques to cloud computing and machine learning applications
  • Propose new projects and research directions

Skills required for the job

  • MSc or PhD degree in Cryptography, Applied Cryptography, Information Theory, Mathematics or Computer Science
  • 2+ years of work experience
  • Knowledge in one of the following topics is required: Homomorphic encryption, Functional encryption, Secure multi party computation, Zero-knowledge proofs
  • Experience in C desired, C++, Rust and Python relevant as well
  • Solid engineering practices and processes, such as development and testing methodology and documentation
  • Quick learner, geared towards implementation. Eager to develop new skills and willing to take ownership of projects
  • Knowledge in some of the following topics will be valuable: Edge computing, Machine learning, Identity Management, Differential privacy

Contact: Mehdi Messaoudi - Talent Acquisition Manager
mehdi.messaoudi@tii.ae

More information: https://www.tii.ae/cryptography

Technology Innovation Institute (TII) - Abu Dhabi, UAE
Job Posting

Position: Post Quantum Cryptography Researcher

  • Design, implement and deploy quantum-safe cryptographic algorithms, including but not limited to key exchange algorithms and digital signature schemes
  • Conduct research and development in lattice-based, code-based or hash-based cryptosystems.
  • Perform security assessments of either crypto-primitives or cryptosystems at the theoretical and implementation level
  • Design end-to-end secure communication protocols using state-of-the art and customized cryptographic algorithms and primitives

Skills required for the job

  • PhD degree in Cryptography, Applied Cryptography, Information Theory, Mathematics or Computer Science
  • Postdoctoral research experience in symmetric-key cryptology as well as teaching experience is also an advantage
  • 2+ years of work experience in the field

Contact: Mehdi Messaoudi - Talent Acquisition Manager
mehdi.messaoudi@tii.ae

More information: https://www.tii.ae/cryptography

Technology Innovation Institute (TII) - Abu Dhabi, UAE
Job Posting

Position: Senior FHE Researcher

  • Conduct research on state-of-the-art FHE schemes
  • Analyze project requirements and provide technical and functional recommendations
  • Supervise the design and implementation of FHE building blocks to machine learning applications
  • Propose new projects and research directions

Skills required for the job

  • 4+ years of work experience in the field
  • Knowledge of partially-, somewhat-, and fully homomorphic encryption schemes
  • Deep understanding of lattice-based cryptography
  • Quick learner, geared towards implementation
  • Eager to develop new skills and willing to take ownership of projects
  • Strong track record of publishing in top tier conferences
  • Experience in C, C++, Rust or Go is a plus. Software engineering skills, such as agile methodologies and versioning, and knowledge of hardware description languages are also a plus

Contact: Mehdi Messaoudi - Talent Acquisition Manager
mehdi.messaoudi@tii.ae

More information: https://www.tii.ae/cryptography

University of Waterloo
Job Posting
Applications are invited for a post-doctoral fellow position in one or more of these areas: cryptographic engineering/applied cryptography as it relates to blockchain technology, cryptocurrencies and digital payments. The successful candidate will join Professor Anwar Hasan's research group at the University of Waterloo. Applicants with a recent Ph.D. in Computer Engineering, Computer Science or a related discipline, and publications at premium venues, are encouraged to send PDF copies of their CVs and cover letters via email to Professor Anwar Hasan (ahasan at uwaterloo.ca). Application deadline: March 31, 2022 for full consideration. After this deadline, applications will be processed as they arrive.

Contact: Professor Anwar Hasan

Paderborn University, Department of Computer Science, Paderborn, Germany
Job Posting
In the Faculty of Computer Science, Electrical Engineering and Mathematics, there are several open positions in the Institute of Computer Science, limited to up to 5 years, to be filled as soon as possible. We are looking for internationally qualified personalities in the fields of:
• IT Security (reference number 5121)
• Quantum Computing (reference number 5122)
who will each lead an independent junior research group and support the established strategic focus areas of the Institute of Computer Science. Each junior research group will be provided with a position for a research assistant (f/m/d) (pay scale E13 TV-L).

Applications with cover letter, curriculum vitae, doctoral certificate, research and teaching statement as well as the indication of two references (in one PDF file) are requested under each reference number until 31.03.2022 to the e-mail address mentioned below.

More information:
https://www.uni-paderborn.de/fileadmin/zv/4-4/stellenangebote/Kennziffer5119-5122_Englisch.pdf

Contact: If you have any questions, please contact Prof. Dr. Eric Bodden (eric.bodden@uni-paderborn.de)
The applications should then be sent to the following email addresses:
eim-i-5121@upb.de
eim-i-5122@upb.de