International Association
for Cryptologic Research

At the Department of Computer Science which is part of the Faculty of Computer Science, Electrical Engineering and Mathematics this PostDoc position is to be filled in the working group Codes and Cryptography. It's a full-time position in the field of post-quantum cryptography, available immediately and with a flexible start date. The position is limited to a period of 3 years. Your tasks: • Research in the field of post-quantum cryptography • Teaching to the extent of 4 hours a week • Participation in the Department of Computer Science Your profile: • Doctorate degree in the field of cryptography • Expertise in one of these areas: post-quantum cryptography, lattice-based cryptography • Experience in the field of quantum algorithms or quantum complexity is an advantage If you are interested, please send an email including your detailed CV and a list of publications to bloemer@upb.de. Applications will be reviewed continuously until the position is filled.

Closing date for applications:

Contact: Prof. Dr. Johannes Blömer (bloemer@upb.de)

More information: https://www.uni-paderborn.de/fileadmin/zv/4-4/stellenangebote/Kennziffer5167_Englisch.pdf

One Ph.D. position opening (post-quantum cryptography and related) at Dr. Jiafeng Harvest Xie's Security and Cryptography (SAC) Lab (https://www.ece.villanova.edu/~jxie02/lab/), Department of Electrical and Computer Engineering, Villanova University, Villanova, PA USA.

Villanova University ranks #49 National Universities in the USA (US News), is located in Villanova, west suburban of Philadelphia. Famous alumni include the current First Lady of the USA!

Requirements: Preferred to be in majors of CS/CE/EE, Applied Mathematics/Cryptography.

Skillful in programming Languages such as CC++, Python, VHDL/Verilog, and so on.

Deadline: better to start in Fall 2022/Spring 2023.

This research focuses on the security aspects of post-quantum cryptography and related implementations. Advisor and senior Ph.D. student will guide you to get started and work together on forthcoming challenges. You will not be fighting alone!!!

Closing date for applications:

Contact: Dr. Jiafeng Harvest Xie

More information: https://www.ece.villanova.edu/~jxie02/lab/

Several, fully-funded, PhD student openings (for Fall 2022 and Spring 2023) in the domains of cryptography, computer security, privacy, and blockchain-based systems are available at the University of Connecticut (UConn), Computer Science and Engineering department, led by Prof. Ghada Almashaqbeh.

Scope: The positions provide a great opportunity to work on timely topics in cryptography (both theory and applied), systems security, and privacy. A large part of our lab research is around security and privacy for blockchains. We target real-world problems and aim to provide secure and practical solutions backed by rigorous foundations and efficient implementations/thorough performance testing. We are also interested in conceptual projects that contribute in bridging the gap between theory and practice of Cryptography. Students will gain experience in topics around multiparty computation, FHE, zero-knowledge proofs, cryptography from physical assumptions, and distributed systems security (mainly blockchain-based systems and privacy-preserving machine learning).

More information: For more information about our current and previous projects please check https://ghadaalmashaqbeh.github.io/research/

About UConn: UConn is R1 Research University in Storrs, CT. It is well connected to New York, Boston, and Providence areas, offering easy access to other top research institutions and lead-industrial companies for research, collaborations, and internship opportunities. The CSE department at UConn has a large and strong cybersecurity group, and it is ranked 18 among all USA computer science programs in Cryptography (based on csranking.org).

Get in touch: For interested students, please send your CV, an overview of current/previous research experiences and skills/related background, and transcripts to ghada@uconn.edu

Closing date for applications:

Contact: Ghada Almashaqbeh

Huawei German Research Center in Munich is responsible for advanced technical research, architecture evolution design and strategic technical planning. The Cyber Security and Privacy Lab is developing cutting-edge technologies, which are designed for supporting data protection and accountability in the Cloud, IoT and cloud-based networks.

To support our research activities, we are looking for an enthusiastic and highly motivated PhD student Security &Trust - Connected, Cooperative, Automated Mobility (m/f/d)

Research Topic

• Perform research and develop new solutions for Trust Management in the Next-Generation CCAM technologies.
• Contribute to new mechanisms for assessing dynamic trust relationship based on Zero Trust and Subjective Logic.
• Define a trust model and trust reasoning framework based on which involved entities can establish trust for cooperatively executing safety-critical functions.

Responsibilities

• Contribute to the research and development of technologies in the upcoming domain of Connected, Cooperative and Automated Mobility (CCAM).
• Being involved in international initiatives including industry groups such as 5GAA, Gaia-X, DIF and Horizon Europe research projects.

Your Profile

• Completed master studies (or equivalent) in computer science, information technology, electrical engineering, or mathematics;
• Exposure and understanding of data protection and security development technologies;
• Good programming skill;
• Excellent collaboration and communication skills;
• Fluent in English;

Closing date for applications:

Contact: Dr. Ioannis Krontiris (ioannis.krontiris@huawei.com)

More information: https://apply.workable.com/huawei-16/j/708737847F/

Applications are invited for a PhD position in the field of cryptography at the Universitat Pompeu Fabra in Barcelona, Spain. The applicant will be supervised by Carla Ràfols. The topic of research will be theoretical aspects of zero-knowledge proofs. The candidate should have completed his/her master´s degree by Oct. 2022 in computer science, mathematics or a related area. The starting date will be around Oct. 2022. Applications should start with a a short motivation letter, include a full CV, a copy of grade transcript(s) of completed studies and (when possible) one name of reference. To apply or request further information, please send an email to cryptophdupf (at) upf.edu. The review of applications will start end of May and continue until the position is filled.

Closing date for applications:

Contact: Carla Ràfols: cryptophdupf@upf.edu

1) Research The topic of this academic chair is the security of embedded systems. By systems we intend to mean: the component-level, the low-power/high-performance processor-level, and the architecture. The main component and focus is the hardware part but, as an extension, we anticipate a joint (collaborative) research with a specific focus on communication aspects and, possibly, embedded software aspects. The desired required areas of interest include, but are not limited to: - Hardware implementation of cryptographic algorithms/primitives - Implementation of physical security countermeasures - Technology-aware design of secure systems (emerging IC-manufacturing technologies) - Trusted computing (platforms, protocols) - Hardware roots of trust (PUF, TRNG) - Secure hardware/software codesign - System-on-chip security - IoT security (protocols implementation, network aspects) - Cyberphysical systems security - Embedded software security - Processor architecture security The successful applicant will benefit from existing research and experimental equipment of the laboratories of the Engineering and Sciences Faculty (electronics, network security, wireless communications, cryptography, ..) and the immediate involvement in the supervision of 5+ running PhD theses. 2) Education The teaching responsibilities of the prospective candidate will cover various types of activities, including lectures, tutorials and project-based learning at the Bachelor and Master’s level in the Brussels School of Engineering (Ecole Polytechnique de Bruxelles). Proven teaching skills with experience in teaching in English and in French will be considered as an asset. The appointed academic will take the responsibility of the following courses : Architecture and security of processors, Design of secure systems, Hardware security.

Closing date for applications:

Contact: jean-michel.dricot@ulb.be

More information: https://www.ulb.be/greffeintra/files/7734.pdf

The Centre for Hardware Security at TalTech, led by Prof. Samuel Pagliarini, invites applications for several fully-funded PhD positions. The Centre conducts research in the area of Hardware Security focusing on trustworthy integrated circuit (IC) design, electronic design automation (EDA) for secure systems, hardware trojans, reverse engineering, circuit obfuscation, crypto hardware, and other similar security topics. Successful candidates will have access to silicon fabrication in order to validate research ideas as it is already a practice of the Centre (see portfolio).

Requirements: We are looking for motivated candidates with a strong background in circuit design. PhD candidates must have completed a Master's degree (or be about to complete). Previous expertise on Hardware Security/Cryptography is not required but is highly desirable. The candidates are expected to have the following core skills:

Ability to describe digital circuitry (preferably in Verilog)

Ability to write C++/python scripts for building small EDA tools

Familiarity w/ Cadence tools for IC design (Genus, Innovus, Virtuoso, etc.) or equivalent tools from Siemens/Synopsys

Strong writing skills (English) that are compatible with doctoral-level requirements, i.e., writing academic papers and articles.

How to apply: Please submit your CV and transcripts to Prof. Pagliarini by email using the subject ‘PhD in Hardware Security’. Candidates with adequate backgrounds will be invited to interview over Skype. Applications are processed as they arrive. All positions have a tentative start date of September 2022. The nominal duration of a PhD degree is 4 years at TalTech. Salaries are approximately 1600 EUR/month (net), which allows for a comfortable standard of living in Tallinn.

Closing date for applications:

Contact: Samuel Pagliarini via email, name.lastname@taltech.ee

More information: https://ati.ttu.ee/~spagliar/timeline/index.html

Fully homomorphic encryption (FHE) allows arbitrary computations on encrypted data. The standard security requirement, IND-CPA security, ensures that the encrypted data remain private. However, it does not guarantee privacy for the computation performed on the encrypted data. Statistical circuit privacy offers a strong privacy guarantee for the computation process, namely that a homomorphically evaluated ciphertext does not leak any information on how the result of the computation was obtained. Malicious statistical circuit privacy requires this to hold even for maliciously generated keys and ciphertexts. Ostrovsky, Paskin and Paskin (CRYPTO 2014) constructed an FHE scheme achieving malicious statistical circuit privacy. Their construction, however, makes non-black-box use of a specific underlying FHE scheme, resulting in a circuit-private scheme with inherently high overhead. This work presents a conceptually different construction of maliciously circuit-private FHE from simple information-theoretical principles. Furthermore, our construction only makes black-box use of the underlying FHE scheme, opening the possibility of achieving practically efficient schemes. Finally, in contrast to the OPP scheme in our scheme, pre- and post-homomorphic ciphertexts are syntactically the same, enabling new applications in multi-hop settings.

This paper proposes a new single-trace side-channel attack on lattice-based post-quantum protocols. We target the ω-small polynomial sampling of NTRU, NTRU Prime, and CRYSTALS-DILITHIUM algorithm implementations (which are NIST Round-3 finalists and alternative candidates), and we demonstrate the vulnerabilities of their sub-routines to a power-based side-channel attack. Specifically, we reveal that the sorting implementation in NTRU/NTRU Prime and the shuffling in CRYSTALS-DILITHIUM's ω-small polynomial sampling process leaks information about the ‘-1’, '0’, or ’+1' assignments made to the coefficients. We further demonstrate that these assignments can be found within a single power measurement and that revealing them allows secret and session key recovery for NTRU/NTRU Prime, while reducing the challenge polynomial's entropy for CRYSTALS-DILITHIUM. We execute our proposed attacks on an ARM Cortex-M4 microcontroller running the reference software submissions from NIST Round-3 software packages. The results show that our attacks can extract coefficients with a success rate of 99.78% for NTRU and NTRU Prime, reducing the search space to 2^41 or below. For CRYSTALS-DILITHIUM, our attack recovers the coefficients’ signs with over 99.99% success, reducing rejected challenge polynomials’ entropy between 39 to 60 bits. Our work informs the proposers about the single-trace vulnerabilities of their software and urges them to develop single-trace resilient software for low-cost microcontrollers.

Over the past few years, deep-learning-based attacks have emerged as a de facto standard, thanks to their ability to break implementations of cryptographic primitives without pre-processing, even against widely used counter-measures such as hiding and masking. However, the recent works of Bronchain and Standaert at Tches 2020 questioned the soundness of such tools if used in a black-box setting to evaluate implementations protected with higher-order masking. On the opposite, white-box evaluations may be seen as possibly far from what a real-world adversary could do, thereby leading to too conservative security bounds. In this paper, we propose a new threat model that we name grey-box benefiting from a trade-off between black and white box models. Our grey-box model is closer to a real-world adversary, in the sense that it does not need to have access to the random nonces used by masking during the profiling phase like in a white-box model, while it does not need to learn the masking scheme as implicitly done in a black-box model. We show how to combine the power of deep learning with the prior knowledge of grey-box modeling. As a result, we show on simulations and experiments on public datasets how it allows to reduce by an order of magnitude the profiling complexity, i.e., the number of profiling traces needed to satisfyingly train a model, compared to a fully black-box model.

Smart contracts often need to verify identity-related information of their users. However, such information is typically confidential, and its verification requires access to off-chain resources. Given the isolation and privacy limitations of blockchain technologies, this presents a problem for on-chain verification. In this paper, we show how CL-signature-based anonymous credentials can be verified in smart contracts using the example of Hyperledger Indy, a decentralized credential management platform, and Ethereum, a smart contract-enabled blockchain. Therefore, we first outline how smart contract-based verification can be integrated in the Hyperledger Indy credential management routine and, then, provide a technical evaluation based on a proof-of-concept implementation of CL-signature verification on Ethereum. While our results demonstrate technical feasibility of smart contract-based verification of anonymous credentials, they also reveal technical barriers for its real-world usage.

The EU GDPR has two main goals: Protecting individuals from personal data abuse and simplifying the free movement of personal data. Privacy-enhancing technologies promise to fulfill both goals simultaneously. A particularly effective and versatile technology solution is multi-party computation (MPC). It allows protecting data during a computation involving multiple parties.

This paper aims for a better understanding of the role of MPC in the GDPR. Although MPC is relatively mature, little research was dedicated to its GDPR compliance. First, we try to give an understanding of MPC for legal scholars and policymakers. Then, we examine the GDPR relevant provisions regarding MPC with a technical audience in mind. Finally, we devise a test that can assess the impact of a given MPC solution with regard to the GDPR.

The test consists of several questions, which a controller can answer without the help of a technical or legal expert. Going through the questions will classify the MPC solution as (1) a means of avoiding the GDPR, (2) Data Protection by Design, or (3) having no legal benefits. Two concrete case studies should provide a blueprint on how to apply the test. We hope that this work also contributes to an interdisciplinary discussion of MPC certification and standardization.

Current side-channel evaluation methodologies exhibit a gap between inefficient tools offering strong theoretical guarantees and efficient tools only offering heuristic (sometimes case-specific) guarantees. Profiled attacks based on the empirical leakage distribution correspond to the first category. Bronchain et al. showed at Crypto 2019 that they allow bounding the worst-case security level of an implementation, but the bounds become loose as the leakage dimensionality increases. Template attacks and machine learning models are examples of the second category. In view of the increasing popularity of such parametric tools in the literature, a natural question is whether the information they can extract (with a given choice of set of models) can be bounded. In this paper, we first show that a metric conjectured to be useful for this purpose, the hypothetical information, does not offer such a general bound. It only does when the assumptions exploited by a parametric model match the true leakage distribution. We therefore introduce a new metric, the training information, that provides the guarantees that were conjectured for the hypothetical information for practically-relevant models. We next initiate a study of the convergence rates of profiled side-channel distinguishers which clarifies, to the best of our knowledge for the first time, the parameters that influence the complexity of a profiling. On the one hand, the latter has practical consequences for evaluators as it can guide them in choosing the appropriate modeling tool depending on the implementation (e.g., protected or not) and contexts (e.g., granting them access to the countermeasures’ randomness or not). It also allows anticipating the amount of measurements needed to guarantee a sufficient model quality. On the other hand, our results connect and exhibit differences between side-channel analysis and statistical learning theory.

Differential attack is a basic cryptanalysis method for block ciphers that exploits the high probability relations between the input and output differences. The existing work in quantum differential cryptanalysis of block ciphers focuses on resource estimation to recover the last round subkeys on the basis of existing relations constructed on classical computers. To find such relations using quantum computer, we propose a method to search the high probability differential and impossible differential characteristics using quantum computer. The method explores all possible input and output difference pairs simultaneously using superposition of qubits. The proposed method is used to design the quantum circuit to search the differential characteristics for a toy cipher smallGIFT. The branch-and-bound based method is used to validate differential and impossible differential characteristics obtained using proposed method.

There is a growing demand for network-level anonymity for delegates at global organizations such as the UN and Red Cross. Numerous anonymous communication (AC) systems have been proposed over the last few decades to provide anonymity over the internet; however, they either introduce high latency overhead, provide weaker anonymity guarantees, or are difficult to be deployed at the organizational networks. Recently, the PriFi system introduced a client/relay/server model that suitably utilizes the organizational network topology and proposes a low-latency, strong-anonymity AC protocol. Using an efficient lattice-based (almost) key-homomorphic pseudorandom function and Netwon's power sums, we present a novel AC protocol OrgAn in this client/relay/server model that provides strong anonymity against a global adversary controlling the majority of the network. OrgAn's cryptographic design allows it to overcome several major problems with any realistic PriFi instantiation: (a) unlike PriFi, OrgAn avoids frequent, interactive, slot-agreement protocol among the servers; (b) a PriFi relay has to receive frequent communication from the servers which can not only become a latency bottleneck but also reveal the access pattern to the servers and increases the chance of server collusion/coercion, while OrgAn servers are absent from any real-time process. We demonstrate how to make this public-key cryptographic solution scale equally well as the symmetric-cryptographic PriFi with practical pre-computation and storage requirements. Through a prototype implementation we show that OrgAn provides similar throughput and end-to-end latency guarantees as PriFi, while still discounting the setup challenges in PriFi.

A new fundamental 4-round property against AES, called the zero-difference property, was introduced by R{\o}njom, Bardeh and Helleseth at Asiacrypt 2017. Our work characterizes it in a simple way by exploiting the notion of related differences which was introduced and well analyzed by AES designers. We then are interested in the way of extending the 4-round property by considering some further properties of related differences over the AES linear layer, generalizing the zero-difference property. This results in a new key recovery attack on 7-round AES which is the first attack on 7-round AES by exploiting the zero-difference property.

Secure messaging applications are deployed on devices that can be compromised, lost, stolen, or corrupted in many ways. Thus, recovering from attacks to get back to a clean state is essential and known as healing. Signal is a widely-known, privacy-friendly messaging application, that uses key-ratcheting mechanism updates keys at each stage to provide end-to-end channel security, forward secrecy, and post-compromise security. We strengthen this last property, by providing a faster healing. Signal needs up to two full chains of messages before recovering, our protocol enables recovery after the equivalent of a chain of only one message. We also provide an extra protection against session-hijacking attacks. We do so, while building on the pre-existing Signal backbone, without weakening its other security assumptions, and still being compatible with Signal's out-of-order message handling feature. Our implementation results show that, while slower than Signal (as expected), MARSHAL's spectacular gain in healing speed comes at a surprisingly low cost, with individual stages (including key-derivation, encryption, and decryption) taking less than 6 ms.

Let $q$ be an odd prime power and ${\mathbb F}_{q^3}$ be the finite field with $q^3$ elements. In this paper, we propose two classes of permutation trinomials of ${\mathbb F}_{q^3}$ for an arbitrary odd characteristic based on the multivariate method and some subtle manipulation of solving equations with low degrees over finite fields. Moreover, we demonstrate that these two classes of permutation trinomials are QM inequivalent to all known permutation polynomials over ${\mathbb F}_{q^3}$. To the best of our knowledge, this paper is the first to study the construction of nonlinearized permutation trinomials of ${\mathbb F}_{q^3}$ with at least one coefficient lying in ${\mathbb F}_{q^3}\backslash{\mathbb F}_{q}$.

Physical attacks, including passive Side-Channel Analysis and active Fault Injection Analysis, are considered among the most powerful threats against physical cryptographic implementations. These attacks are well known and research provides many specialized countermeasures to protect cryptographic implementations against them. Still, only a limited number of combined countermeasures, i.e., countermeasures that protect implementations against multiple attacks simultaneously, were proposed in the past. Due to increasing complexity and reciprocal effects, design of efficient and reliable combined countermeasures requires longstanding expertise in hardware design and security. With the help of formal security specifications and adversary models, automated verification can streamline development cycles, increase quality, and facilitate development of robust cryptographic implementations. In this work, we revise and refine formal security notions for combined protection mechanisms and specifically embed them in the context of hardware implementations. Based on this, we present the first automated verification framework that can verify physical security properties of hardware circuits with respect to combined physical attacks. To this end, we conduct several case studies to demonstrate the capabilities and advantages of our framework, analyzing secure building blocks (gadgets), S-boxes build from Toffoli gates, and the ParTI scheme. For the first time, we reveal security flaws in analyzed structures due to reciprocal effects, highlighting the importance of continuously integrating security verification into modern design and development cycles.

We tackle a challenging problem at the intersection of two emerging technologies: Post-quantum cryptography (PQC) and vehicle-to-vehicle (V2V) communications. Connected vehicles use V2V technology to exchange safety messages that allow them to increase proximity awareness, improving roadway safety. The integrity and authenticity of these messages is critical to prevent an adversary from abusing V2V technology to cause a collision, traffic jam, or other unsafe and/or disruptive situations. The IEEE 1609.2 standard (2016) specifies authentication mechanisms for V2V communications that rely on the elliptic curve digital signature algorithm (ECDSA) and are therefore not secure against quantum attackers. In this paper, we are the first to devise and evaluate PQC for authenticating messages in IEEE 1609.2. By analyzing the properties of the NIST PQC standardization finalists, as well as XMSS (RFC 8391), we propose three practical, ECDSA-PQ hybrid designs for use during the transition from classical to PQ-secure cryptography.