International Association
for Cryptologic Research

In this paper, we present a high-performance architecture for elliptic curve cryptography (ECC) over Curve448, which to the best of our knowledge, is the fastest implementation of ECC point multiplication over Curve448 to date. Firstly, we introduce a novel variant of the Karatsuba formula for asymmetric digit multiplier, suitable for typical DSP primitive with asymmetric input. It reduces the number of required DSPs compared to previous work and preserves the performance via full parallelization and pipelining. We then construct a 244-bit pipelined multiplier and interleaved fast reduction algorithm, yielding a total of 12 stages of pipelined modular multiplication with four stages of input delay. Additionally, we present an efficient Montgomery ladder scheduling with no additional register is required. The implementation on the Xilinx 7-series FPGA: Virtex-7, Kintex-7, Artix-7, and Zynq 7020 yields execution times of 0.12, 0.13, 0.24, and 0.24 ms, respectively. It increases the throughput by 242% compared to the best previous work on Zynq 7020 and by 858% compared to the best previous work on Virtex-7. Furthermore, the proposed architecture optimizes nearly 63% efficiency improvement in terms of Area×Time tradeoff. Lastly, we extend our architecture with well-known side-channel protections such as scalar blinding, base-point randomization, and continuous randomization.

All existing methods of building non-interactive zero-knowledge (NIZK) arguments for $\mathsf{NP}$ from the Learning With Errors (LWE) assumption have relied on instantiating the Fiat-Shamir paradigm on a parallel repetition of an underlying honest-verifier zero knowledge (HVZK) $\Sigma$ protocol, via an appropriately built correlation-intractable (CI) hash function from LWE. This technique has inherent efficiency losses that arise from parallel repetition.

In this work, we build the first NIZK argument for $\mathsf{NP}$ from the LWE assumption that does not rely on parallel repetition. Instead, we show how to make use of the more efficient ``MPC in the Head'' technique for building an underlying honest-verifier protocol upon which to apply the Fiat-Shamir paradigm. The key to making this possible is a new construction of CI hash functions from LWE, using efficient algorithms for polynomial reconstruction as the main technical tool.

We stress that our work provides a new and more efficient ``base construction'' for building LWE-based NIZK arguments for $\mathsf{NP}$. Our protocol can be the building block around which other efficiency-focused bootstrapping techniques can be applied, such as the bootstrapping technique of Gentry et al. (Journal of Cryptology 2015).

This paper considers a problem of identifying matching attacks against Romulus-M, one of the ten finalists of NIST Lightweight Cryptography standardization project. Romulus-M is provably secure, i.e., there is a theorem statement showing the upper bound on the success probability of attacking the scheme as a function of adversaries' resources. If there exists an attack that matches the provable security bound, then this implies that the attack is optimal, and that the bound is tight in the sense that it cannot be improved. We show that the security bounds of Romulus-M are tight for a large class of parameters by presenting concrete matching attacks.

We introduce the Spiral family of single-server private information retrieval (PIR) protocols. Spiral relies on a composition of two lattice-based homomorphic encryption schemes: the Regev encryption scheme and the Gentry-Sahai-Waters encryption scheme. We introduce new ciphertext translation techniques to convert between these two schemes and in doing so, enable new trade-offs in communication and computation. Across a broad range of database configurations, the basic version of Spiral simultaneously achieves at least a 4.5x reduction in query size, 1.5x reduction in response size, and 2x increase in server throughput compared to previous systems. A variant of our scheme, SpiralStreamPack, is optimized for the streaming setting and achieves a server throughput of 1.9 GB/s for databases with over a million records (compared to 200 MB/s for previous protocols) and a rate of 0.81 (compared to 0.24 for previous protocols). For streaming large records (e.g., a private video stream), we estimate the monetary cost of SpiralStreamPack to be only 1.9x greater than that of the no-privacy baseline where the client directly downloads the desired record.

We propose a novel approach that generalizes interleaved modular multiplication algorithms to the computation of sums of products over large prime fields. This operation has widespread use and is at the core of many cryptographic applications. The method reformulates the widely used lazy reduction technique, crucially avoiding the need for storage and computation of ``double-precision'' operations. Moreover, it can be easily adapted to the different methods that exist to compute modular multiplication, producing algorithms that are significantly more efficient and memory-friendly. We showcase the performance of the proposed approach in the computation of multiplication over an extension field GF(p^k), and demonstrate its impact in two popular cryptographic settings: bilinear pairings and supersingular isogeny-based protocols. For the former, we obtain a 1.37x speedup in the computation of a full optimal ate pairing over the popular BLS12-381 curve on an x64 Intel processor; for the latter, we show a speedup of up to 1.30x in the computation of the SIKE protocol on the same Intel platform.

New symmetric primitives are being designed to address a novel set of design criteria. Instead of being executed on regular processors or smartcards, they are instead intended to be run in abstract settings such as multi-party computations or zero-knowledge proof systems. This implies in particular that these new primitives are described using operations over large finite fields. As the number of such primitives grows, it is important to better understand the properties of their underlying operations. In this paper, we investigate the algebraic degree of one of the first such block ciphers, namely MiMC. It is composed of many iterations of a simple round function, which consists of an addition and of a low-degree power permutation applied to the full state, usually $x \mapsto x^{3}$. We show in particular that, while the univariate degree increases predictably with the number of rounds, the algebraic degree (a.k.a multivariate degree) has a much more complex behaviour, and simply stays constant during some rounds. Such plateaus slightly slow down the growth of the algebraic degree. We present a full investigation of this behaviour. First, we prove some lower and upper bounds for the algebraic degree of an arbitrary number of iterations of MiMC and of its inverse. Then, we combine theoretical arguments with simulations to prove that the upper bound is tight for up to 16265 rounds. Using these results, we slightly improve the higher-order differential attack presented at Asiacrypt 2020 to cover one or two more rounds. More importantly, our results provide some precise guarantees on the algebraic degree of this cipher, and then on the minimal complexity for a higher-order differential attack.

In known security reductions for the Fujisaki-Okamoto transformation, decryption failures are handled via a reduction solving the rather unnatural task of finding failing plaintexts \emph{given the private key}, resulting in a Grover search bound. Moreover, they require an implicit rejection mechanism for invalid ciphertexts to achieve a reasonable security bound in the QROM. We present a reduction that has neither of these deficiencies: We introduce two security games related to finding decryption failures, one capturing the \emph{computationally hard} task of \emph{using the public key} to find a decryption failure, and one capturing the \emph{statistically hard} task of searching the random oracle for \emph{key-independent} failures like, e.g., large randomness. As a result, our security bounds in the QROM are tighter than previous ones with respect to the generic random oracle search attacks: The attacker can only partially compute the search predicate, namely for said key-independent failures. In addition, our entire reduction works for the explicit-reject variant of the transformation and improves significantly over all of its known reductions. Besides being the more natural variant of the transformation, security of the explicit reject mechanism is also relevant for side channel attack resilience of the implicit-rejection variant. Along the way, we prove several technical results characterizing preimage extraction and certain search tasks in the QROM that might be of independent interest.

The cryptography group of ENS Lyon is seeking for post-doc candidates interested in lattice cryptography. Potential research topics non-exhaustively include:

lattice cryptographic constructions (from theory to practice);

quantum aspects of lattice cryptography (security proofs, cryptanalysis);

lattice algorithms and cryptanalysis;

algebraic number theory and lattices.

We are looking for candidates with a strong record related to any of the above topics. Starting date and duration are flexible. To apply, please send your CV, a motivation letter and names of at least two persons who can provide reference letters.

Closing date for applications:

Contact: damien.stehle@ens-lyon.fr, alain.passelegue@ens-lyon.fr, benoit.libert@ens-lyon.fr

More information: https://www.ens-lyon.fr/LIP/AriC/crypto

Event date: 6 January to 8 January 2023
Submission deadline: 15 July 2022
Notification: 15 September 2022

Event date: 26 September to 27 September 2022
Submission deadline: 27 May 2022
Notification: 29 July 2022

The Applied Cryptography Group at Technical University of Darmstadt offers a fully funded position as PhD student in Cryptography. The positions is to be filled as soon as possible for 3 years with the possibility of extension. You will conduct research and publish/present the results at top venues for research in cryptography and IT Security.

Topics of particular interest include (but are not limited to):

• Leakage/tamper resilient cryptography
• Cryptography for blockchains and cryptocurrencies
• Multiparty computation & threshold cryptography
• Decentralized finance

Your profile:

• Completed Master's degree (or equivalent) at a top university with excellent grades in computer science, mathematics or a similar area.
• Strong mathematical and/or algorithmic/theoretical CS background
• Good knowledge of cryptography. Knowledge in concepts of provable security is a plus.
• Fluent written and verbal communication skills in English

TU Darmstadt is a top research university for IT Security, Cryptography and Computer Science in Europe. We offer excellent working environment in the heart of the Frankfurt Metropolitan Area, which is internationally well-known for a high quality of life. Review of applications starts immediately until the position is filled.

Closing date for applications:

Contact: Sebastian Faust (office.cac@cysec.de)

More information: https://www.informatik.tu-darmstadt.de/cac/cac/index.en.jsp

Event date: 8 December to 11 December 2022
Submission deadline: 30 June 2022
Notification: 1 August 2022

We are proud to announce the winners of the 2022 IACR Test-of-Time Award. This award honors papers published at the 3 IACR flagship conferences 15 years ago which have had a lasting impact on the field.

The Test-of-Time award for Asiacrypt 2007 is awarded to: Faster Addition and Doubling on Elliptic Curves, by Daniel J. Bernstein and Tanja Lange, for introducing efficient elliptic curve addition formulae in the context of Edwards forms of elliptic curves.

The Test-of-Time award for Crypto 2007 is awarded to: Deterministic and Efficiently Searchable Encryption, by Mihir Bellare, Alexandra Boldyreva and Adam O'Neill, for placing searchable encryption on a rigorous footing, leading to a huge interest in this field in applications.

The Test-of-Time award for Eurocrypt 2007 is awarded to: An Efficient Protocol for Secure Two-Party Computation in the Presence of Malicious Adversaries, by Yehuda Lindell and Benny Pinkas, for providing the first implementable protocol for actively secure variants of Yao's protocol, and thus paving the way to more practical constructions.

For more information, see https://www.iacr.org/testoftime.

Congratulations to all winners!

Event date: 20 June to 23 June 2022
Submission deadline: 1 April 2022
Notification: 15 April 2022

Purpose: You will be active in the planning and implementation of applications for the cryptography, especially secure multi-party computing (MPC) related domain. An ability to analyze and evaluate novel cryptography research and blockchain technology in the market is a must, Requirements -Proven track record for great academic research, learning skills, and solving challenging problems -Expertise on Cryptography, especially blockchain space related to custody and management of keys, MPC or fully homomorphic encryption (FHE) -Experience with Rust or Golang or other mainstream programming languages Bonus Qualifications: -MSc/PhD in STEM with applied cryptography orientation (participation in at least 2 classes related to cryptography) -Significant involvement in the project that required the use of novel cryptography, ideally FHE and/or ZK and/or MPC related -Published paper in top tier cryptography conference

Closing date for applications:

Contact: Charles Isaac

Context
Dfns is a cybersecurity company that builds custody* SaaS protocol for web3 apps. Think of it as a developer tool that provides secure cloud for crypto. Our mission is to bring serenity to DeFi by eliminating new blockchain risks and making crypto transactions easier, faster, more affordable, and compliant with existing regulations.

From fintechs to large banks to e-commerce sites, Dfns gives financial institutions and businesses the freedom to own and transfer crypto on a battle-designed security infrastructure. Our API is designed to offer best-in-class developer experience allowing any platform to deploy custodial wallets in a matter of days, with streamlined feature delivery and frequent security upgrades.

Founded in 2020 in Paris, Dfns is a startup incubated at Station F (awarded Future40), accelerated by Techstars and recognized DeepTech by the French Ministry of Economy. Our company is fully remote with offices in Paris, Amsterdam, New York, London, Stockholm, Sofia, and other cities.

Job Description
You will contribute to one of the most ambitious technology projects in crypto today: building a trustless custody infrastructure for the trillion-dollar digital asset industry.

You will join an amazing team of leaders (CTO, CISO, CPO) and experts (R&D Engineers, Cryptographers, Security Engineers) in a highly challenging and collaborative environment.

We are looking for a trailblazing VP of Research who can explore blockchain and ZK technology, generate new product ideas, and outline detailed R&D strategies. You will need to manage diverse teams spanning engineering and marketing, requiring both a strong technical background and excellent business skills. As an ideal candidate, you will have a keen eye for gaps in client product offerings and the innovative mindset to fill them. You’re a highly skilled cryptographer with a proven ability to strategize the full lifecycle of patent production—from conception through release.

Closing date for applications:

Contact: chris@dfns.co

More information: https://www.welcometothejungle.com/en/companies/dfns/jobs/vp-of-research_paris?q=6ea9e03888204c360e4888930ccfcdc0&o=944248&e=companies_jobs

Context
Dfns is a cybersecurity company that builds custody SaaS protocol for web3 apps. Think of it as a developer tool that provides secure cloud for crypto. Our mission is to bring serenity to DeFi by eliminating new blockchain risks and making crypto transactions easier, faster, more affordable, and compliant with existing regulations.

From fintechs to large banks to e-commerce sites, Dfns gives financial institutions and businesses the freedom to own and transfer crypto on a battle-designed security infrastructure. Our API is designed to offer best-in-class developer experience allowing any platform to deploy custodial wallets in a matter of days, with streamlined feature delivery and frequent security upgrades.

Founded in 2020 in Paris, Dfns is a startup incubated at Station F (awarded Future40), accelerated by Techstars and recognized DeepTech by the French Ministry of Economy. Our company is fully remote with offices in Paris, Amsterdam, New York, London, Stockholm, Sofia, and other cities.

Job Description
You will contribute to one of the most ambitious technology projects in crypto today: building a trustless custody infrastructure for the trillion-dollar digital asset industry.

You will join an amazing team of leaders (CTO, VP of Research, CISO) and experts (Software Engineers, R&D Engineers, Security Engineers) in a highly challenging and collaborative environment.

We are looking for a Senior Cryptographer to develop our crypto systems using algorithmic, asymmetric, zk proofs, thresholdized cryptography and other types of tools to encrypt sensitive data and protect it from hackers, misuse, and cybercrime.

As a Cryptographer, you will be laser-focused on finding ways to protect blockchain keys from being intercepted, decrypted, copied, altered, or deleted by unauthorized actors. You will need a deep understanding of cryptography, namely MPC and its related algorithms. You will also develop and apply various mathematical models to help find and thwart potential systems threats.

Closing date for applications:

Contact: chris@dfns.co

More information: https://www.welcometothejungle.com/en/companies/dfns/jobs/senior-cryptographer_paris?q=b03d4fc5976286120e927867a4e9817b&o=944230&e=companies_jobs

Horizen Labs is a blockchain technology company that designs, develops, and delivers powerful, scalable, and reliable distributed ledger solutions for business.

Our Core Engineering Team is an innovative and collaborative group of researchers and software engineers who are dedicated to the design and development of world-class blockchain-based products. We are looking for a cryptographer, or applied cryptographer, to join our growing crypto team based in Milan, Italy. Currently, the team is developing a protocol suite for SNARK-based proof-composition, but its duties reach beyond that, developing privacy-enhancing solutions for our sidechain ecosystem.

Responsabilities

• Design privacy-enhancing technology built on SNARK-based protocols
• Perform collaborative research and assist technical colleagues in their development work
• Participate in standards-setting

Requirements

• Ph.D. in mathematics, computer science, or cryptography
• Solid foundations in zero-knowledge and cryptographic protocols
• Publications in acknowledged venues on applied or theoretical cryptography, preferably cryptographic protocols or PETs
• Strong problem-solving skills
• The ability to work in a team setting as well as autonomously
• Foundations in blockchain technology and experience in reading Rust are a plus

We offer

• A competitive salary plus pre-series A stock options
• Flexible working hours, including the possibility of remote working
• The opportunity to work with talented minds on challenging topics in this field, including the most recent advancements in zero-knowledge
• A nice and informal team setting to conduct research and development of high-quality open source solutions

If you are interested in this position, you might want to take a look at our recent publications (IACR eprints 2021/930, 2021/399, 2020/123) and our latest podcast on zeroknowledge.fm (Episode 178).

Closing date for applications:

Contact: recruiting@horizenlabs.io

More information: https://horizenlabs.io/

Technology Innovation Institute (TII) is a publicly funded research institute, based in Abu Dhabi, United Arab Emirates. It is home to a diverse community of leading scientists, engineers, mathematicians, and researchers from across the globe, transforming problems and roadblocks into pioneering research and technology prototypes that help move society ahead.

Cryptography Research Center

In our connected digital world, secure and reliable cryptography is the foundation of digital information security and data integrity. We address the world’s most pressing cryptographic questions. Our work covers post-quantum cryptography, lightweight cryptography, cloud encryption schemes, secure protocols, quantum cryptographic technologies and cryptanalysis.

Position: Senior MPC Researcher

Conduct research on state-of-the-art MPC protocols

Analyze project requirements and provide technical and functional recommendations

Design and implementation of building blocks to utilize privacy-preserving cryptographic techniques to cloud computing and machine learning applications

Propose new projects and research directions

Skills required for the job

2+ years of work experience in the field

Knowledge of MPC protocols

Experience in C desired, C++, Rust and Python relevant as well. Solid engineering practices and processes, such as development and testing methodology and documentation

Quick learner, geared towards implementation. Eager to develop new skills and willing to take ownership of projects

Knowledge on machine learning would be valuable

Knowledge on Zero-Knowledge proofs would be valuable

Qualifications

MSc or PhD degree in Cryptography, Applied Cryptography, Information Theory, Mathematics or Computer Science

Closing date for applications:

Contact: Mehdi Messaoudi - Talent Acquisition Manager
mehdi.messaoudi@tii.ae

More information: https://www.tii.ae/cryptography

The Research Institute CODE at Universität der Bundeswehr München seeks an internationally recognised person with an excellent research and teaching track in cryptology. CODE hosts 13 professorships in the scope of cyber security ranging from software security, privacy, digital forensics to data science and open source intelligence.

Closing date for applications:

Contact: Further information is available via Prof. Harald Baier, harald.baier@unibw.de

More information: https://jobs.zeit.de/jobs/universitaetsprofessur-w3-fuer-kryptologie-universitaet-der-bundeswehr-muenchen-neubiberg-1056374