International Association for Cryptologic Research

International Association
for Cryptologic Research


Updates on the COVID-19 situation are on the Announcement channel.

Here you can see all recent updates to the IACR webpage. These updates are also available:

email icon
via email
RSS symbol icon
via RSS feed
Twitter bird icon
via Twitter
Weibo icon
via Weibo
Facebook icon
via Facebook

10 May 2022

Norica Băcuieți, Joan Daemen, Seth Hoffert, Gilles Van Assche, Ronny Van Keer
ePrint Report ePrint Report
Currently, a vast majority of symmetric-key cryptographic schemes are built as block cipher modes. The block cipher is designed to be hard to distinguish from a random permutation and this is supported by cryptanalysis, while (good) modes can be proven secure if a random permutation takes the place of the block cipher. As such, block ciphers form an abstraction level that marks the border between cryptanalysis and security proofs. In this paper, we investigate a re-factored version of symmetric-key cryptography built not around the block ciphers but rather the deck function: a keyed function with arbitrary input and output length and incrementality properties. This allows for modes of use that are simpler to analyze and still very efficient thanks to the excellent performance of currently proposed deck functions. We focus on authenticated encryption modes with varying levels of robustness. Our modes have built-in support for sessions, but are also efficienty without them. As a by-product, we define a new ideal model for authenticated encryption dubbed the jammin cipher. Unlike the OAE2 security models, the jammin cipher is both a operational ideal scheme and a security reference, and addresses real-world use cases such as bi directional communication and multi-key security.
Malik Imran, Felipe Almeida, Andrea Basso, Sujoy Sinha Roy, Samuel Pagliarini
ePrint Report ePrint Report
Quantum computers will break cryptographic primitives that are based on integer factorization and discrete logarithm problems. SABER is a key agreement scheme based on the Learning With Rounding problem that is quantum-safe, i.e., resistant to quantum computer attacks. This article presents a high-speed silicon implementation of SABER in a 65nm technology as an Application Specific Integrated Circuit. The chip measures 1$mm^2$ in size and can operate at a maximum frequency of 715$MHz$ at a nominal supply voltage of 1.2V. Our chip takes 10$\mu s$, 9.9$\mu s$ and 13$\mu s$ for the computation of key generation, encapsulation, and decapsulation operations of SABER. The average power consumption of the chip is 153.6$mW$. Physical measurements reveal that our design is 8.96x (for key generation), 11.80x (for encapsulation), and 11.23x (for decapsulation) faster than the best known silicon-proven SABER implementation.
Diego Aranha, Chuanwei Lin, Claudio Orlandi, Mark Simkin
ePrint Report ePrint Report
Private set-intersection (PSI) is one of the most practically relevant special-purpose secure multiparty computation tasks, as it is motivated by many real-world applications. In this paper we present a new private set-intersection protocol which is laconic, meaning that the protocol only has two rounds and that the first message is independent of the set sizes. Laconic PSI can be useful in applications, where servers with large sets would like to learn the intersection of their set with smaller sets owned by resource-constrained clients and where multiple rounds of interactions are not possible.

Previously, practically relevant laconic PSI protocols were only known from factoring-type assumptions. The contributions of this work are twofold: 1) We present the first laconic PSI protocol based on assumptions over pairing-friendly elliptic curves; and 2) For the first time we provide empirical evaluation of any laconic PSI protocol by carefully implementing and optimising both our and previous protocols. Our experimental results shows that our protocol outperforms prior laconic PSI protocols.
Marzio Mula, Nadir Murru, Federico Pintore
ePrint Report ePrint Report
We consider the problem of uniformly sampling supersingular elliptic curves over finite fields of cryptographic size (SRS problem). The currently best-known method combines the reduction of a suitable CM $j$-invariant and a random walk over some isogeny graph. Unfortunately, this method is not suitable for cryptographic applications because it leaks too much information about the endomorphism ring of the generated curve. This fact motivates a stricter version of the SRS problem, requiring that the sampling algorithm gives no extra information about the endomorphism ring of the output curve (cSRS problem). The known cSRS algorithms work only for small finite fields, since they involve the computation of polynomials of large degree. In this work we formally define the SRS and cSRS problems, we discuss the relevance of cSRS for cryptographic applications, and we provide a self-contained survey of the known approaches to both the problems. Afterwards, we describe and analyse some alternative techniques, based either on Hasse invariant or division polynomials, and we explain the reasons why these techniques do not readily lead to efficient cSRS algorithms.
Jungmin Park, N. Nalla Anandakumar, Dipayan Saha, Dhwani Mehta, Nitin Pundir, Fahim Rahman, Farimah Farahmandi, Mark M. Tehranipoor
ePrint Report ePrint Report
Research in post-quantum cryptography (PQC) aims to develop cryptographic algorithms that can withstand classical and quantum attacks. The recent advance in the PQC field has gradually switched from the theory to the implementation of cryptographic algorithms on hardware platforms. In addition, the PQC standardization process of the National Institute of Standards and Technology (NIST) is currently in its third round. It specifies ease of protection against side-channel analysis (SCA) as an essential selection criterion. Following this trend, in this paper, we evaluate side-channel leakages of existing PQC implementations using PQC-SEP, a completely automated side-channel evaluation platform at both pre-and post-silicon levels. It automatically estimates the amount of side-channel leakage in the power profile of a PQC design at early design stages, i.e., RTL, gate level, and physical layout level. It also efficiently validates side-channel leakages at the post-silicon level against artificial intelligence (AI) based SCA models and traditional SCA models. Further, we delineate challenges and approaches for future research directions.
Fuchun Guo, Willy Susilo
ePrint Report ePrint Report
Unique signatures are digital signatures with exactly one unique and valid signature for each message. The security reduction for most unique signatures has a natural reduction loss (in the existentially unforgeable against chosen-message attacks, namely EUF-CMA, security model under a non-interactive hardness assumption). In Crypto 2017, Guo {\it et al.} proposed a particular chain-based unique signature scheme where each unique signature is composed of $n$ BLS signatures computed sequentially like a blockchain. Under the computational Diffie-Hellman assumption, their reduction loss is $n\cdot q_H^{1/n}$ for $q_H$ hash queries and it is logarithmically tight when $n=\log{q_H}$. However, it is currently unknown whether a better reduction than logarithmical tightness for the chain-based unique signatures exists.

We show that the proposed chain-based unique signature scheme by Guo {\it et al.} must have the reduction loss $q^{1/n}$ for $q$ signature queries when each unique signature consists of $n$ BLS signatures. We use a meta reduction to prove this lower bound in the EUF-CMA security model under any non-interactive hardness assumption, and the meta-reduction is also applicable in the random oracle model. We also give a security reduction with reduction loss $4\cdot q^{1/n}$ for the chain-based unique signature scheme (in the EUF-CMA security model under the CDH assumption). This improves significantly on previous reduction loss $n\cdot q_H^{1/n}$ that is logarithmically tight at most. The core of our reduction idea is a {\em non-uniform} simulation that is specially invented for the chain-based unique signature construction.
Elena Kirshanova, Alexander May
ePrint Report ePrint Report
We consider the McEliece cryptosystem with a binary Goppa code $C \subset \mathbb{F}_2^n$ specified by an irreducible Goppa polynomial $g(x) \in \mathbb{F}_{2^m}[x]$ and Goppa points $(\alpha_1, \ldots, \alpha_n) \in \mathbb{F}_{2^m}^n$. Since $g(x)$ together with the Goppa points allow for efficient decoding, these parameters form McEliece secret keys. Such a Goppa code $C$ is an $(n-tm)$-dimensional subspace of $\mathbb{F}_2^n$, and therefore $C$ has co-dimension $tm$. For typical McEliece instantiations we have $tm \approx \frac n 4$.

We show that given more than $tm$ entries of the Goppa point vector $(\alpha_1, \ldots, \alpha_n)$ allows to recover the Goppa polynomial $g(x)$ and the remaining entries in polynomial time. Hence, in case $tm \approx \frac n 4$ roughly a fourth of a McEliece secret key is sufficient to recover the full key efficiently.

Let us give some illustrative numerical examples. For ClassicMcEliece with $(n,t,m)=(3488,64,12)$ on input $64\cdot 12+1=769$ Goppa points, we recover the remaining $3488-769=2719$ Goppa points in $\mathbb{F}_{2^{12}}$ and the degree-$64$ Goppa polynomial $g(x) \in \mathbb{F}_{2^{12}}[x]$ in $1$ minute.

For ClassicMcEliece with $(n,t,m)=(8192,128,13)$ on input $128\cdot 13+1=1665$ Goppa points, we recover the remaining $8192-1665=6529$ Goppa points in $\mathbb{F}_{2^{13}}$ and the degree-$128$ Goppa polynomial $g(x) \in \mathbb{F}_{2^{13}}[x]$ in $5$ minutes.

Our results also extend to the case of erroneous Goppa points, but in this case our algorithms are no longer polynomial time.
Hien Chu, Dario Fiore, Dimitris Kolonelos, Dominique Schröder
ePrint Report ePrint Report
Functional commitments (Libert et al.~[ICALP'16]) allow a party to commit to a vector $\vec v$ of length $n$ and later open the commitment at functions of the committed vector succinctly, namely with communication logarithmic or constant in $n$. Existing constructions of functional commitments rely on trusted setups and have either $O(1)$ openings and $O(n)$ parameters, or they have short parameters generatable using public randomness but have $O(\log n)$-size openings. In this work, we ask whether it is possible to construct functional commitments in which both parameters and openings can be of constant size. Our main result is the construction of the first FC schemes matching this complexity. Our constructions support the evaluation of inner products over small integers; they are built using groups of unknown order and rely on succinct protocols over these groups that are secure in the generic group and random oracle model.
Mysten Labs (
Job Posting Job Posting
Mysten is looking for a remote applied cryptographer & researcher interested in cryptographic protocols & their application to blockchains. You would work with us to design, check & implement mission-critical algorithms a range of areas, including primitives such as pairing-based crypto, signature aggregation & distributed key generation, random beacons, efficient accumulators & zero-knowledge proofs.

This role gives the opportunity to work closely with a senior team of experts in theoretical computer science, cryptography, language & systems design, while enjoying a high degree of ownership & autonomy in working conditions & task prioritization. We regularly publish to conferences like CCS, S&P, CRYPTO, NDSS, FC, AsicCCS, PETS, CT-RSA, ESORICS, ACNS etc.

While the following guidelines reflect some of our thinking about a background we would like to see in a candidate, we are committed to diversity, & more surprising profiles with a good argument to fit & capability are encouraged to apply.

Our ideal candidate would have:
- 2+ years of experience in hands-on software engineering for cryptographic operations, such as signature schemes, accumulators, key management, data encryption & compression.

- Understanding of fundamental cryptographic algorithms & underlying math for any of the following: hash functions, finite field arithmetic, polynomials (FFT) & elliptic curves.

- Experience implementing high-performance & parallelizable protocols in languages such as Rust, Go, Java, or C/C++.

- Experience implementing ZKP circuits or proof systems (Groth16, Halo, Plonk, STARKs, Marlin) is considered a plus.

Our team is 100% remote & we are hiring across the world. Here at Mysten Labs, you’ll be joining a world class team with tremendous growth potential. We raised our 1st funding round ($36m series A) from top Silicon Valley VCs led by Andreessen Horowitz (a16z) with participation from Redpoint, Lightspeed, Coinbase Ventures, Electric Capital, Standard Crypto, NFX, Slow Ventures, Scribble Ventures, Samsung Next, Lux Capital & many other great funds & angels!

Closing date for applications:

Contact: Kostas Chalkias (Chief Cryptographer) kostas {at}

More information:

Composable Finance
Job Posting Job Posting
Full-time remote position

You’ll be building the first ZK rollup in the Polkadot ecosystem with other exciting projects like Whirlpool Cash needing your expertise after.

As a high level blockchain developer with exposure to zero knowledge proofs, or cryptographer in the blockchain space with relevant programming skills, you’ll be working on cutting edge technology that will help shape DeFi.


  • Design, implement and build a ZK rollup in Polkadot ecosystem (Rust-Substrate)
  • Collaborate with our team of elite level rust, cryptography and substrate experts
  • Research ZK protocols and their underlying mathematical concepts. Study, understand and communicate the latter cryptographic primitives (e.g: signatures, NIZK, key derivation) relevant in the blockchain space.
  • Produce technical specifications for designs & instantiations of cryptographic protocols
  • Investigate new zero-knowledge applications im Whirlpool that allow the user to manage their deposits without compromising their privacy
  • Ensure thorough project quality and security
  • Write highly secure Rust code

    Requirements & skills:

  • Fluency in Rust, C++, Golang or similar languages, we are working primarily with Rust Substrate.
  • Experience in cryptography and blockchain infrastructure development
  • Familiarity with zero-knowledge schemes (Plonk and Plonky preferred).
  • Passion for Crypto/DeFi

    Nice to have:

  • Experience with scalability techniques such layer 2s (Optimistic and zk-based).
  • Experience with implementing recursive zk-proofs.
  • Experience with XMCP and relay-para-chain structure.
  • Is interested in the Polkadot ecosystem

    Perks: Competitive Crypto payments, all made in USDC.

  • 100% remote work. No geographic restrictions.
  • The ability to work as an independent contractor: We treat you as your own agent and support you accordingly!
  • Annual Working Equipment Allowance.
  • Monthly Gym & Fitness Bonus
  • Global WeWork membership
  • Annual Personal Development Budget

    Closing date for applications:

    Contact: Maya Jerath

    More information:

  • Expand

    09 May 2022

    University of Tübingen, Department of Computer Science; Tübingen, Germany
    Job Posting Job Posting
    Medical Data Privacy and Privacy-Preserving ML on Healthcare Data (MDPPML) group at the University of Tübingen is looking for motivated Ph.D. students in the area of Privacy Enhancing Technologies.

    Research Topics: Development and analysis of cryptography-based privacy-preserving solutions for real-world healthcare problems. Topics of interest include (but are not limited to): privacy-preserving machine learning, genomic privacy, medical privacy as well as foundations for real-world cryptography.

    Your profile:
    • Completed Master's degree (or equivalent) at a top university with excellent grades in computer science, or a similar area.
    • Knowledge in applied cryptography/security and cryptographic protocols.
    • Knowledge in machine learning.
    • Very good software development skills.
    • Self-motivated, reliable, creative, can work independently and want to do excellent research.

    Closing date for applications:

    Contact: Dr. Mete Akgün (

    Job Posting Job Posting

    We are looking for a Cryptography Architect to join our team to help define the next generation of secure Hardware and Software implementations of Post Quantum Cryptography.


    Design, implement and analyse post quantum cryptographic algorithms including key exchange algorithms and digital signature schemes

    • Investigate new and future algorithms, research potential implementations and optimisation for efficient implementation.
    • Develop Architectural descriptions and models of PQ Cryptographic Algorithms
    • Interface with the Engineering team, provide specifications for Micro-Architectural planning and implementation.
    • Perform security analysis of Post Quantum and Classical Cryptography implementations
    • Research and propose secure attack resistant (SCA, Fault) implementations of Post Quantum Algorithms.
    Preferred Skills and Qualifications
    • PhD or degree in Cryptography, Applied Cryptography, Mathematics or Computer Science
    • 2+ years of work experience or research in the field of Post-Quantum Cryptography
    • Knowledge of Secure Implementations of cryptography
    • Knowledge of Side-channel analysis of cryptographic primitives
    • Theoretical understanding of common side-channel countermeasures
    • Programming skills , C/C++, Python, Mathematics tools

    Closing date for applications:

    Contact: Graeme Hickey

    More information:

    Institute of Systems Architecture, Chair of Systems Engineering (
    Job Posting Job Posting
    The Chair of Systems Engineering is conducting research in various cooperations with known industry partners and international EU-Third-Party funded projects. Tasks: Independent research in the field of systems engineering, especially in the field of cloud computing, confidential computing and cryptography. The development, publication and presentation of scientific publications at national and international conferences as well as journals are expected. Requirements: - very good university degree (M.Sc., Dipl.) in Computer Science - strong skills in distributed systems - ability to work independently and purposefully in a team - an integrative and cooperative personality with excellent communication and social skills - high engagement - fluency in English - written and oral - interest in interdisciplinary cooperation in all areas of computer science as well as with industrial partners - practical experiences with various programming languages and concepts What we offer: You join a team of enthusiastic scientists who creatively pursue their individual research work. Applications from women are particularly welcome. The same applies to people with disabilities. Your application (in English only) should include: motivation letter, CV, copy of degree certificate and proof of English language skills. Complete applications should be sent to Interested? And you want to know more about it? Please contact: Prof. Dr. Christof Fetzer

    Closing date for applications:

    Contact: Prof. Dr. Christof Fetzer


    08 May 2022

    University of Warsaw
    Job Posting Job Posting
    Warsaw Doctoral School of Mathematics and Computer Science is looking for Ph.D. students. If you are interested in doing a Ph.D. in cryptography or blockchain at the University of Warsaw please contact Stefan Dziembowski (

    Closing date for applications:

    Contact: Stefan Dziembowski

    More information:

    Spanish National Research Council
    Job Posting Job Posting
    The Research group on Cryptology and Information Security (GiCSI) of the Spanish National Research Council is seeking highly motivated professionals in applying for the Comfuturo call ( to conduct research in the area of cryptographic privacy-enhancing technologies, blockchain-based protocols and security protocols. ComFuturo is a 60-month programme that offers 15 ComFuturo 36-month fellowships to Experienced Researchers of any nationality who have obtained their PhD in the last 10 years and who have not resided or carried out their main activity (work or studies) in Spain for more that 12 months in the last 3 years. The ComFuturo fellows will be selected through a single call and an objective and transparent process which will include an external evaluation. The Spanish National Research Council will recruit, hire and host them. The gross salary is estimated to be around 39.000 - 43.000 €/year. The Research Group in Cryptography and Security is looking for candidates with interest in working in applied cryptography and collaborate with the on-goin H2020 SPIRS project ( and the Horizon Euroep GOIT project ( Horizon_2021_Coordination_and_Support_Action_(CSA)_proposal). Candidates interested in conducting research in quantum-safe cryptography are also welcomed.

    Closing date for applications:


    More information:

    Luxembourg Institute of Science and Technology, Luxembourg
    Job Posting Job Posting
    LIST is looking for a highly motivated candidate with proven skills in healing the security issues that befall modern software during its development lifecycle, to work on a research project funded by EC with a three-years duration. The recently introduced area of DevSecOps - in medium to large companies - unfortunately lacks automated security tools, while most existing solutions are targeting only one narrow step of the software development lifecycle (SDLC) process but miss a much-needed holistic overview of the global security solution. In this context, the LAZARUS project innovates by intervening in multiple steps of the SDLC, performing targeted security checks and collecting valuable information and intelligence from each step, and exploiting advanced ML and AI methods to convert this intelligence into actionable insights and recommendations. The specific missions of the candidate will include, but are not limited to, participating into the following activities along the project partners:

    (1) To predict software security defects before deployment and prevent security breaches.

    (2) To develop a set of algorithms that allow quantifying software exploitability and facilitate the work of correcting its errors.

    (3) To develop and apply new model-checking techniques to verify the security of software.

    (4) To specify and develop two workflow-disruptive techniques which leverages Intel SGX enclave trusted but with the lowest impact on the software lifecycle and on its performance.

    (5) To implement and test the developed solutions.

    (6) To develop ex-ante information security policies for the demonstration and implement periodic reviews to objectively evaluate adherence to the policies.

    Closing date for applications:

    Contact: Dr. Qiang Tang (

    IO Global, remote working opportunity
    Job Posting Job Posting
    IOG is a leading company in the crypto industry. We are designing and implementing different blockchains using Proof of Work, Proof of Stake, and permissioned BFT.

    We are leaders in the research field, with more than a hundred research papers published in the most influential cryptography conferences and journals (NDSS, ICDCS, EUROCRYPT, CRYPTO, SODA, ACM CCS, Financial Cryptography, ESORICS, S&P, Euro S&P, etc).

    Your mission

    • Define short, mid, and long term roadmaps for implementation of cryptographic primitives
    • Synchronize with the Director of Engineering (or, by default, the CTO) to validate the roadmap, requirements, and strategy for the cryptographic engineering team
    • Define and structure the team that is required to satisfy this roadmap
    • Provide secure implementations of the cryptographic primitives required by IO projects
    • Read and review cryptographic research papers and contribute when possible to implement them as prototypes
    • Design, specify, implement, and improve cryptographic primitives in production-grade software directly or delegate to and supervise the applied cryptographers in charge of it
    • Review, integrate, and improve common cryptographic primitives, and translate them to other programming languages or delegate/supervise the applied cryptographers in charge of it.

    • A STEM Master’s or PhD degree
    • Solid experience in managing small teams of cryptographic engineers
    • Solid understanding of cryptography, its basic theories, and uses
    • Senior expertise in developing cryptographic primitives in C/C++ and Rust
    • Senior expertise in standard cryptography domains
    • Ability to learn new domains like zero-knowledge proofs and MPC and project innovation roadmaps
    • Clear understanding and experience of implementing cryptographic primitives delivered by researchers
    Please apply via the attached job board link (further details on website).

    Closing date for applications:

    Contact: Aadil S.

    More information:

    Lund University
    Job Posting Job Posting
    Passionate about Cryptography? Want to keep doing research while receiving a good pay? Come and join us as a Post Doctoral Fellow at Lund University! 😎

    The Deal: Come here, do good research, share your knowledge. We'll pay you and help you shape your career towards your next goal! For further, official details, follow the link in the ad title.
    Eyebird view of your role: You will be part of the research ecosystems around the SSF project SMARTY: Secure Software Update Deployment for the Smart City (RIT17-0035). This will give you access to an exciting workplace where you can foster research in collaboration with your new colleagues. As you'll be joining the security section of the SMARTY team, you will work with one senior researcher (Elena Pagnin) and one PhD student towards the following goals:
    • Improving the efficiency of PQ primitives to better suit modern resourceful IoT devices.
    • Investigating the potential of lightweight MPC for networks of IoT devices.
    • Advancing the research frontiers in PETs, VC, and in other cryptographic schemes suitable for real-time system.
    To help you gain experience, you will be given significant research autonomy, and the chance to influence the final outcome of the project. Moreover, if you'd like to develop other skills, you can aid in the supervision of PhD students and Masters' projects, teaching at Masters' and PhD level, and take career-development courses offered by Lund University.
    Funding & Timing: You get a 2-year, full-time employment as a Postdoctor at Lund university. The position is available immediately and with a flexible start date. There is an option to renew the contract for 1 additional year subject to acquiring funding (either by the candidate or by the host).

    Closing date for applications:

    Contact: Applications only via the official link:

    More information:


    04 May 2022

    Job Posting Job Posting
    Passionate about cryptography? Want to work on designing, reviewing and implementing cryptography to solve impactful security and privacy problems? Follow the link or contact me directly!

    Closing date for applications:

    Contact: ysierra (at)

    More information:

    QPQ Global
    Job Posting Job Posting
    Are you an Applied Cryptologist that has a track record in the implementation of products with fundamental cryptology features? Do you have a relevant Master and coding experience in the area of Applied Cryptology? Do you want to design, code and co-invent the next generation of Distributed Systems protocols? At QPQ, we are building the Internet of Economics, a new approach to a compliant and regulated financial systems infrastructure.

    What do we give you?
    • A stimulating, Socratic intellectual environment.
    • Hybrid office approach – we have been a distributed workforce from the start. This role is centred around our European axis, so we expect you to live within +/- 3 hours of CET. We get together a complete team every quarter, so you must be willing to travel and embrace being part of a diverse team drawn from many walks of life and cultures.
    • Good salary, travel expense budget and many future opportunities to participate in the company’s growth.
    • The mother of all intellectual challenges!

    • implement and embed in products cryptographic protocols in the privacy space.
    • Working with a multi-faceted team of practitioners on a set of blockchain-based privacy protocols interacting with the DeFi space and providing compliance with financial regulations.
    • Focus on zero knowledge schemes which provide privacy and compliance.

    • MSc or multi-year experience in cryptography or a closely related field.
    • Knowledge of modern cryptographic primitives.
    • Be able to productize protocols/schemes/algorithms in at least one relevant programming language (C++ or Rust desirable).
    • General understanding of full-stack system architecture.
    • Have a thorough approach and be committed to high quality output. Have prior research/code already published in the space.
    - Excellent communication and collaboration skills.

    Closing date for applications:


    ◄ Previous Next ►