International Association
for Cryptologic Research

Applications are invited for a Post-Doctoral Research Fellow position to conduct research into the application of advanced machine learning techniques for use in hardware Trojan detection, as part of the EPSRC-funded DeepSecurity project within the UK Research Institute in Secure Hardware and Embedded Systems (RISE: ukrise.org), hosted by the Centre for Secure Information Technology (CSIT) at Queen’s.

The successful candidate must have and your CV/Cover letter application should clearly demonstrate you have:
• 2:1 Honours degree in Electrical and Electronic Engineering/Computer Science/Mathematics (or related discipline)
• A PhD, or about to obtain a PhD, in a relevant subject
• At least 3 years relevant research experience in FPGA/ASIC/Embedded systems design
• Evidence of a strong publication record commensurate with career stage and experience.

This is a fixed term contract available until 31 March 2023.

Closing date for applications:

Contact: Professor Máire O'Neill

More information: https://hrwebapp.qub.ac.uk/tlive_webrecruitment/wrd/run/ETREC107GF.open?VACANCY_ID=551890GLbr&WVID=6273090Lgx&LANG=USA

Sharding is a key approach to scaling the performance of on-chain transactions: the network is randomly partitioned into smaller groups of validator nodes, known as \textit{shards}, each growing a disjoint ledger of transactions via state-machine replication (SMR) in parallel to other shards. As SMR protocols typically incur a quadratic message complexity in the network size, shards can process transactions significantly faster than the entire network. On the downside, shards cannot be made arbitrarily small due to the exponentially-increasing probability that malicious nodes take over a sufficient majority in small shards, compromising the security of SMR. In practice, this dictates relatively large shards with hundreds of nodes each, significantly limiting the scalability benefits of sharding.

In this paper, we propose \textit{Instachain}, a novel sharding approach that breaks the scalability limits of sharding by reducing the shard size to significantly-smaller numbers than was previously considered possible. We achieve this by relaxing the liveness property for some of the shards while still preserving the safety property across all shards. To do this, we carefully adjust the quorum size parameter of the intra-shard SMR protocol to achieve maximum parallelism across all shards without compromising security. In addition, Instachain is the first sharding protocol to adopt the stateless blockchain model in shards, which in conjunction with a novel cross-shard verification technique allows the protocol to efficiently prevent double-spending attempts across significantly-more shards than previous work.

We present the first specification-compliant constant-time FPGA implementation of the Classic McEliece cryptosystem from the third-round of NIST's Post-Quantum Cryptography standardization process. In particular, we present the first complete implementation including encapsulation and decapsulation modules as well as key generation with seed expansion. All the hardware modules are parametrizable, at compile time, with security level and performance parameters. As the most time consuming operation of Classic McEliece is the systemization of the public key matrix during key generation, we present and evaluate three new algorithms that can be used for systemization while complying with the specification: hybrid early-abort systemizer (HEA), single-pass early-abort systemizer (SPEA), and dual-pass early-abort systemizer (DPEA). All of the designs outperform the prior systemizer designs for Classic McEliece by 2.2x to 2.6x in average runtime and by 1.7x to 2.4x in time-area efficiency. We show that our complete Classic McEliece design for example can perform key generation in 5.2-20ms, encapsulation in 0.1-0.5ms, and decapsulation in 0.7-1.5ms for all security levels on an Xlilinx Artix 7 FPGA. The performance can be increased even further at the cost of resources by increasing the level of parallelization using the performance parameters of our design.

Modular reduction is a core operation in public-key cryptography. While a standard modular reduction is often required, a partial reduction limiting the growth of the coefficients is enough for several usecases.

Knowing the quotient of the Euclidean division of an integer by the modulus allows to easily recover the remainder. We propose a way to compute efficiently, without divisions, an approximation of this quotient. From this approximation, both full and partial reductions are deduced. The resulting algorithms are modulus specific: the sequence of operations to perform in order to get a reduction depends on the modulus and the size of the input.

We analyse the cost of our algorithms for a usecase coming from post-quantum cryptography. We show that with this modulus, on a CPU with a slow multiplication, our method gives an algorithm faster than prior art algorithms.

The Internet of Things (IoT) has brought new ways for humans and machines to communicate with each other over the internet. Though sensor-driven devices have largely eased our everyday lives, most IoT infrastructures have been suffering from security challenges. Since the emergence of IoT, lightweight block ciphers have been a better option for intelligent and sensor-based applications. When public-key infrastructure dominates worldwide, the symmetric key encipherment such as Advanced Encryption Standard (AES) shows immense prospects to sit with the smart home IoT appliances. As investigated, chaos motivated logistic map shows enormous potential to secure IoT aligned real-time data communication. The unpredictability and randomness features of the logistic map in sync with chaos-based scheduling techniques can pave the way to build a particular dynamic key propagation technique for data confidentiality, availability and integrity. After being motivated by the security prospects of AES and chaos cryptography, the paper illustrates a key scheduling technique using a 3-dimensional S-box (substitution-box). The logistic map algorithm has been incorporated to enhance security. The proposed approach has applicability for lightweight IoT devices such as smart home appliances. The work determines how seeming chaos accelerates the desired key-initiation before message transmission. The proposed model is evaluated based on the key generation delay required for the smart-home sensor devices.

Proof-of-stake algorithms implemented as distributed consensus mechanisms in the base layer of blockchain networks are defective cryptosystems by nature. By trying to improve the energy efficiency of blockchains using proof-of-work in the consensus mechanism, proof-of-stake is introducing a set of significant new flaws in both monetary and governance models. Such systems are plutocratic, oligopolistic, and permissioned.

In this article we perform a general study on the criterion of weightwise nonlinearity for the functions which are weightwise perfectly balanced (WPB). First, we investigate the minimal value this criterion can take over WPB functions, deriving theoretic bounds, and exhibiting the first values. We emphasize the link between this minimum and weightwise affine functions, and we prove that for $n\ge 8$ no $n$-variable WPB function can have this property. Then, we focus on the distribution and the maximum of this criterion over the set of WPB functions. We provide theoretic bounds on the latter and algorithms to either compute or estimate the former, together with the results of our experimental studies for $n$ up to $8$. Finally, we present two new constructions of WPB functions obtained by modifying the support of linear functions for each set of fixed Hamming weight. This provides a large corpus of WPB function with proven weightwise nonlinearity, and we compare the weightwise nonlinearity of these constructions to the average value, and to the parameters of former constructions in $8$ and $16$ variables.

Onion services enable bidirectional anonymity for parties that communicate over the Tor network, thus providing improved privacy properties compared to standard TLS connections. Since these services are designed to support server-side anonymity, the entry points for these services shuffle across the Tor network periodically. In order to connect to an onion service at a given time, the client has to resolve the .onion address for the service, which requires querying volunteer Tor nodes called Hidden Service Directories (HSDirs). However, previous work has shown that these nodes may be untrustworthy, and can learn or leak the metadata about which onion services are being accessed. In this paper, we present a new class of attacks that can be performed by malicious HSDirs against the current generation (v3) of onion services. These attacks target the unlinkability of onion services, allowing some services to be tracked over time.

To restore unlinkability, we propose a number of concrete designs that use Private Information Retrieval (PIR) to hide information about which service is being queried, even from the HSDirs themselves. We examine the three major classes of PIR schemes, and analyze their performance, security, and how they fit into Tor in this context. We provide and evaluate implementations and end-to-end integrations, and make concrete suggestions to show how these schemes could be used in Tor to minimize the negative impact on performance while providing the most security.

We propose a univariate sumcheck argument $\mathfrak{Count}$ of essentially optimal communication efficiency of one group element. While the previously most efficient univariate sumcheck argument of Aurora is based on polynomial commitments, $\mathfrak{Count}$ is based on inner-product commitments. We use $\mathfrak{Count}$ to construct a new pairing-based updatable and universal zk-SNARK $\mathfrak{Vampire}$ with the shortest known argument length (five group elements and two integers) for $\mathsf{NP}$. In addition, $\mathfrak{Vampire}$ uses the aggregated polynomial commitment scheme of Boneh et al. Differently from the previous (efficient) work, both $\mathfrak{Count}$ and $\mathfrak{Vampire}$ have an updatable SRS that consists of non-consequent monomials.

This paper presents benchmarking and profiling of the two lattice-based signature scheme finalists, Dilithium and Falcon, on the ARM Cortex M7 using the STM32F767ZI NUCLEO-144 development board. This research is motivated by the Cortex M7 device being the only processor in the Cortex-M family to offer a double precision (i.e., 64-bit) floating-point unit, making Falcon’s implementations, requiring 53 bits of precision, able to fully run native floating-point operations without any emulation. Falcon shows significant speed-ups between 6.2-8.3x in clock cycles, 6.2-11.8x in runtime, but Dilithium does not show much improvement other than those gained by the slightly faster processor. We then present profiling results of the two schemes on the Cortex M7 to show their respective bottlenecks and operations where the improvements are and can be made, which show some operations in Falcon’s procedures observe speed-ups by an order of magnitude. Finally, we test the native FPU instructions on the Cortex M7, used in Falcon’s FPR instructions, for constant runtime and find irregularities on four different STM32 boards, as well as on the Raspberry Pi 3, used in previous benchmarking results for Falcon.

Dynamic participation support is an important feature of Bitcoin's longest-chain protocol and its variants. But these protocols suffer from long latency as a fundamental trade-off. Specifically, the latency depends at least on the following two factors: 1) the desired security level of the protocol, and 2) the actual participation level of the network. Classic BFT protocols, on the other hand, can achieve constant latency but cannot make progress under dynamic participation. In this work, we present a protocol that simultaneously supports dynamic participation and achieves constant latency. Our core technique is to extend the classic BFT approach from static quorum size to dynamic quorum size, i.e., according to the current participation level, while preserving important properties of static quorum. We also present a recovery mechanism for rejoining nodes that is efficient in terms of both communication and storage. Our experimental evaluation shows our protocol has much lower latency than a longest-chain protocol, especially when there is a sudden decrease of participation.

Zero-knowledge (ZK) applications form a large group of use cases in modern cryptography, and recently gained in popularity due to novel proof systems. For many of these applications, cryptographic hash functions are used as the main building blocks, and they often dominate the overall performance and cost of these approaches. Therefore, in the last years several new hash functions were built in order to reduce the cost in these scenarios, including Poseidon and Rescue among others.

These hash functions often look very different from more classical designs such as AES or SHA-2. For example, they work natively with integer objects rather than bits. At the same time, for example Poseidon and Rescue share some common features, such as being SPN schemes and instantiating the nonlinear layer with invertible power maps. While this allows the designers to provide simple and strong arguments for establishing their security, it also introduces some crucial limitations in the design, which affects the performance in the target applications.

To overcome these limitations, we propose the Horst mode of operation, in which the addition in a Feistel scheme $(x,y) \mapsto (y+F(x), x)$ is replaced by a multiplication, i.e., $(x,y) \mapsto (y \times G(x), x)$.

By carefully analyzing the relevant performance metrics in SNARK and STARK protocols, we show how to combine an expanding Horst scheme and the strong points of existing schemes in order to provide security and better efficiency in the target applications. We provide an extensive security analysis for our new design Griffin and a comparison with all current competitors.

Rotational-XOR (RX) cryptanalysis is a cryptanalytic method aimed at finding distinguishable statistical properties in ARX-C ciphers, i.e., ciphers that can be described only by using modular addition, cyclic rotation, XOR, and the injection of constants. In this paper we extend RX-cryptanalysis to AND-RX ciphers, a similar design paradigm where the modular addition is replaced by vectorial bitwise AND; such ciphers include the block cipher families Simon and Simeck. We analyze the propagation of RX-differences through AND-RX rounds and develop a closed form formula for their expected probability. Inspired by the MILP verification model proposed by Sadeghi et al., we develop a SAT/SMT model for searching compatible RX-characteristics in Simon-like ciphers, i.e., that there are at least one right pair of messages/keys to satisfy the RK-characteristics. To the best of our knowledge, this is the first model that takes the RX-difference transitions and value transitions simultaneously into account in Simon-like ciphers. Meanwhile, we investigate how the choice of the round constants affects the resistance of Simon-like ciphers against RX-cryptanalysis. Finally, we show how to use an RX-distinguisher for a key recovery attack. Evaluating our model we find compatible RX-characteristics of up to 20, 27, and 34 rounds with respective probabilities of 2 −26 ,2 −44 , and 2 −56 for versions of Simeck with block sizes of 32, 48, and 64 bits, respectively, for large classes of weak keys in the related-key model. In most cases, these are the longest published distinguishers for the respective variants of Simeck. In the case of Simon, we present compatible RX-characteristics for round reduced versions of all ten instances. We observe that for equal block and key sizes, the RX-distinguishers cover fewer rounds in Simon than in Simeck. Concluding the paper, we present a key recovery attack on Simeck 64 reduced to 28 rounds using a 23-round RX-characteristic.

Event date: 29 August to 2 September 2022
Submission deadline: 3 May 2022
Notification: 10 June 2022

Event date: 5 December to 9 December 2022
Submission deadline: 27 May 2022
Notification: 25 August 2022

Medical Data Privacy and Privacy-Preserving ML on Healthcare Data (MDPPML) group at the University of Tübingen is looking for motivated Ph.D. students in the area of Privacy Enhancing Technologies.

Research Topics: Development and analysis of cryptography-based privacy-preserving solutions for real-world healthcare problems. Topics of interest include (but are not limited to): privacy-preserving machine learning, data privacy as well as foundations for real-world cryptography.

Your profile:

• Completed Master's degree (or equivalent) at a top university with excellent grades in computer science, or a similar area.
• Knowledge in applied cryptography/security and machine learning.
• Very good software development skills.
• Self-motivated, reliable, creative, can work independently and want to do excellent research.

The positions are available immediately with an internationally competitive salary (salary level 13 TV-L).

Closing date for applications:

Contact: Dr. Mete Akgün (mete.akguen@uni-tuebingen.de)

Quantum Delta Netherlands has started a large national project in support of quantum technologies. The Catalyst-2 (CAT2) subproject concentrates on the development of quantum key distribution and "Quantum Internet" applications.
The department of Mathematics and Computer Science at TU Eindhoven has a postdoc vacancy for theoretical work in CAT2. The research will concentrate on

• theory related to the Quantum Key Distribution testbed under development in Eindhoven;
• quantum cryptography beyond QKD, e.g. key recycling, unclonable encryption, unclonable credentials, quantum PUFs etc.

The project has good opportunities for collaboration with other departments at TU Eindhoven and with other Dutch universities. Job requirements We are looking for candidates with a PhD in cryptography, theoretical physics, or mathematics, and preferably a background in quantum cryptography or post-quantum cryptography.

Closing date for applications:

Contact: Boris Skoric

More information: https://jobs.tue.nl/en/vacancy/postdoc-cat2-quantum-protocols-910938.html

Technology Innovation Institute (TII) is a recently-established publicly-funded research institute in Abu Dhabi (UAE). It is home to a diverse community of leading scientists and engineers from across the globe.

Job Description

We are looking for permanent researchers to join the Cryptographic Protocols team within the Cryptography Research Center (CRC) at TII. The main aim of the team is to conduct applied academic research in areas relating to cryptographic protocols, such as: TLS, QUIC, Tor, Key Exchange, Secure Channels, Cryptographic Primitives, Privacy Enhancing Technologies, MLS and Secure Messaging, Probabilistic Data Structures in Adversarial Environments, and Blockchain-Related Technologies. The nature of the research spans both theory and practice, covering aspects such as provable security, security models, efficient designs, implementation aspects, and attacks.

Applicants should have completed (or be close to completing) their PhD in a related area and preferably have postdoctoral research experience. Preference will be given to applicants with publications in top-tier venues such as CRYPTO, EUROCRYPT, ASIACRYPT, ACM CCS, IEEE S&P, and USENIX.

Required Skills:

• Fluency in English (verbal and written) and an ability to communicate research effectively.
• Good problem-solving skills and an ability to conduct research independently.
• Good interpersonal and collaborative skills.
• Solid knowledge in cryptography.

Valuable Skills:

• Strong background in Mathematics and/or Computer Science.
• Programming, Software Engineering, experience in implementing cryptographic primitives and attacks on real-world cryptosystems, reverse engineering of closed-source protocols.
• Experience in analyzing protocol standards and specifications.

What we offer:

• Vibrant working environment, flexible working conditions, and travel funding.
• Industry-competitive tax-free salary.
• Family-wide health insurance and children’s education allowance.
• Sunshine all year round.

Closing date for applications:

Contact:

• Contact Jean Paul Degabriele (jeanpaul.degabriele@tii.ae) for information relating to research and work environment.
• To apply send your CV to Mehdi Messaoudi (mehdi.messaoudi@tii.ae) - Talent Acquisition Manager.

More information: https://www.tii.ae/cryptography

A Ph.D. position is available in the Cryptology and Data Security research group at the Institute of Computer Science, University of Bern, led by Christian Cachin.

https://crypto.unibe.ch/

Our research addresses all aspects of security in distributed systems, especially cryptographic protocols, consistency, consensus, and cloud-computing security. We are particularly interested in blockchains, distributed ledger technology, cryptocurrencies, and their security and economics.

Candidates should have a strong background in computer science. They should like conceptual, rigorous thinking for working theoretically, or be interested in building innovative systems for working practically. Demonstrated expertise in cryptography, distributed computing, or blockchain technology is a plus. Applicants must hold a master degree in the relevant research fields.

Positions are available starting immediately and come with a competitive salary. The selection process runs until suitable candidates have been found. The University of Bern conducts excellent research and lives up its vision that “Knowledge generates value”. The city of Bern lies in the center of Switzerland and offers some of the highest quality of life worldwide.

If you are interested, please apply be sending email with one single PDF file and subject line set to Application for Ph.D., addressed directly to Prof. Christian Cachin at crypto (at) inf.unibe.ch.

Since we receive many applications, we encourage you to include material that demonstrates your interests and strengths and sets you apart from others.

Closing date for applications:

Contact: Christian Cachin (https://crypto.unibe.ch/cc/)

More information: https://crypto.unibe.ch/jobs/

Cryspen is looking for a cryptography engineer to help maintain and build high assurance cryptographic software.

You will start out maintaining and extending the Cryspen HACL packages, a portable crypto library in C with Rust, OCaml, and JavaScript bindings, which is built on top of the HACL* verified cryptography from Inria and Microsoft Research. Later you will be primarily implementing new cryptographic primitives and protocols in Rust, ranging from secure multi party computation to post quantum cryptography.

Writing and maintaining cryptography is a delicate task that requires attention to detail and the utmost care; Cryspen's formally verified cryptography even more so. As an ideal candidate you are therefore able to handle highly sensitive and highly detailed tasks.

If you have experience with open source projects, that’s great but not necessary.

We expect that you understand the basics of all involved technologies and concepts. However, we especially invite you to apply if you are an early career professional or a recent graduate.

Closing date for applications:

Contact: job-application@cryspen.com

More information: https://docs.google.com/document/d/1WWplyJxIBXEEEyUZp5TFzuRYE5Vmn308NUIwe65oerE