International Association
for Cryptologic Research

Private set operations allow two parties perform secure computation on two private sets, such as intersection or union related functions. In this paper, we identify a framework for performing private set operations. At the technical core of our framework is multi-query reverse private membership test (mqRPMT), which is a natural extension of RPMT recently proposed by Kolesnikov et al. (ASIACRYPT 2019). In mqRPMT, a client with set $X = (x_1, \dots, x_n)$ interacts with a server holding a set $Y$. As a result, the server only learns a bit vector $(e_1, \dots, e_n)$ indicating whether $x_i \in Y$ but without knowing the value of $x_i$, while the client learns nothing. We present two constructions of mqRPMT from newly introduced cryptographic primitive and protocol. One is is based on commutative weak pseudorandom function (cwPRF), the other is based on permuted oblivious pseudorandom functions (pOPRF). Both cwPRF and pOPRF can be instantiated from the decisional Diffie-Hellman like assumptions in the random oracle model. We also introduce a slight weak version of mqRPMT dubbed mqRPMT$^*$, in which the client learns the cardinality of $X \cup Y$. We show mqRPMT$^*$ can be build from a category of mqPMT called Sigma-mqPMT, which in turn can be realized from the DDH assumption or oblivious polynomial evaluation. This makes the first step towards establishing the relation between the two building blocks.

We demonstrate the practicality of our framework with implementations. By plugging our cwPRF-based mqRPMT to the general framework, we obtain the first PSU protocol with strict linear complexity. For input sets of size $2^{20}$, the resulting PSU protocol requires roughly 80 MB bandwidth, and 50 seconds using 8 threads. To the best of our knowledge, it requires the least communication among all the known PSU protocols. By plugging our FHE-based mqRPMT$^*$ to the general framework, we obtain a PSU$^*$ suitable for unbalanced setting, whose communication complexity is linear in the size of the smaller set, and logarithmic in the larger set.

Mysten Labs is looking for 2 interns in blockchain cryptography with a focus in any of the following topics: Private NFTs, Anonymous Transactions, Key Loss Protection, Multi-Signatures and Zero Knowledge Proofs.

Successful applicants will work closely with experts in both academia and industry including George Danezis, Konstantinos Chalkias, Foteini Baldimtsi, Alberto Sonnino, François Garillot, Sam Blackshear, Lefteris Kokoris-Kogias, while enjoying a high degree of ownership & autonomy in working conditions & task prioritization.

Ideal candidate expectations:
- PhD or PostDoc researcher - or - engineer in cryptography, software security or distributed systems.

- at least one publication in any of the top cryptography, privacy and security conferences, such as: CCS, S&P, CRYPTO, USENIX SECURITY, EUROCRYPT, ASIACRYPT, NDSS, FC, AsiaCCS, EUROS&P, PETS, CT-RSA, ESORICS etc.

- Understanding of fundamental cryptographic schemes & underlying math for any of the following: hash functions, finite field arithmetic, polynomials (FFT) & elliptic curves, bilinear pairings, threshold signatures.

- Experience implementing high-performance & parallelizable protocols in languages such as Rust, Go, Java, or C/C++, and Github portfolio or productionized implementation will be a plus.

Our team is 100% remote & we are hiring across the world. Here at Mysten Labs, you’ll be joining a world class team with tremendous growth potential. We raised our 1st funding round ($36m series A) from top Silicon Valley VCs led by Andreessen Horowitz (a16z) with participation from Redpoint, Lightspeed, Coinbase Ventures, Electric Capital, Standard Crypto, NFX, Slow Ventures, Scribble Ventures, Samsung Next, Lux Capital etc.

HOW TO APPLY: Applicants are invited to e-mail their CV (use title: Summer 2022 Cryptography Internship) to jobs@mystenlabs.com

Closing date for applications:

Contact: Kostas Chalkias (Chief Cryptographer)

We are looking for a cryptography engineer who will be part of the Blockchain Technology Security Group to build foundational services for JP Morgan distributed ledger technology initiatives. In this role, you will be designing and coding security components and applications. You will have the exciting challenge of working on cutting-edge technology and building enterprise solutions that cater to all the lines of business. You’ll work in a collaborative, trusting, thought-provoking environment—one that encourages diversity of thought and creative solutions that are in the best interests of our customers globally

 

Qualifications

• Experience as applied cryptographer
• Experience with OpenSSL /TLS API; threading and socket programming in Linux, HSMs, and PKCS #11
• Solid understanding of Linux OS with strong knowledge of object oriented programming; specifically high-level languages such as Java, Python, Go, and node.js, C, C++ and Bash
• Familiar/Experience building solutions for digital assets and distributed ledger technology (blockchain) with focus on algorithms and data structures
• Desirable: Experience with multi-party computation (MPC) & HSMs and custody crypto assets

Closing date for applications:

Contact: France Law (france.law@jpmchase.com)

We have a Chair of Junior Professor at Telecom Paris, Institut Polytechnique de Paris, the priority themes for this position are cryptography, data protection, network security, and software security. This 5-year contract Chair has several advantages: a maximum teaching load of 64h per year; associated funding of 320 K€ available at the start of the work; competitive salary; no requirement of the French language; after a 5-year contract, the junior professor can be directly appointed as a Full professor (a permanent, tenured position). Application deadline: August 31, 2022. More information on this position: https://institutminestelecom.recruitee.com/l/en/o/chaire-de-professeur-ou-professeure-junior-en-securite-des-grandes-infrastructures-numeriques-a-telecom-paris

Closing date for applications:

Contact: Hieu Phan (hieu.phan@telecom-paris.fr)

More information: https://institutminestelecom.recruitee.com/l/en/o/chaire-de-professeur-ou-professeure-junior-en-securite-des-grandes-infrastructures-numeriques-a-telecom-paris

In this paper, we design secure multi-party computation (MPC) protocols in the asynchronous communication setting with optimal resilience. Our protocols are secure against a computationally-unbounded malicious adversary, characterized by an adversary structure $\mathcal{Z}$, which enumerates all possible subsets of potentially corrupt parties. Our protocols incur a communication of $\mathcal{O}(|\mathcal{Z}|^2)$ and $\mathcal{O}(|\mathcal{Z}|)$ bits per multiplication for perfect and statistical security respectively. These are the first protocols with this communication complexity, as such protocols were known only in the synchronous communication setting (Hirt and Tschudi, ASIACRYPT 2013).

We consider the use of supersingular abelian surfaces in cryptography. Several generalisations of well-known cryptographic schemes and constructions based on supersingular elliptic curves to the 2-dimensional setting of superspecial abelian surfaces have been proposed. The computational assumptions in the superspecial 2-dimensional case can be reduced to the corresponding 1-dimensional problems via a product decomposition by observing that every superspecial abelian surface is non-simple and separably isogenous to a product of supersingular elliptic curves. Instead, we propose to use supersingular non-superspecial isogeny graphs where such a product decomposition does not have a computable description via separable isogenies. We study the advantages and investigate security concerns of the move to supersingular non-superspecial abelian surfaces.

Side-stepping the protection provided by cryptography, exfiltration attacks are becoming a considerable real-world threat. With the goal of mitigating the exfiltration of cryptographic keys, big-key cryptosystems have been developed over the past few years. These systems come with very large secret keys which are thus hard to exfiltrate. Typically, in such systems, the setup time must be large as it generates the large secret key. However, subsequently, the encryption and decryption operations, that must be performed repeatedly, are required to be efficient. Specifically, the encryption uses only a small public key and the decryption only accesses small ciphertext-dependent parts of the full secret key. Nonetheless, these schemes require decryption to have access to the entire secret key. Thus, using such big-key cryptosystems necessitate that users carry around large secret keys on their devices, which can be a hassle and in some cases might also render exfiltration easy.

With the goal of removing this problem, in this work, we initiate the study of big-key identity-based encryption (bk-IBE). In such a system, the master secret key is allowed to be large but we require that the identity-based secret keys are short. This allows users to use the identity-based short keys as the ephemeral secret keys that can be more easily carried around and allow for decrypting ciphertexts matching a particular identity, e.g. messages that were encrypted on a particular date. In particular:

-We build a new definitional framework for bk-IBE capturing a range of applications. In the case when the exfiltration is small our definition promises stronger security --- namely, an adversary can break semantic security for only a few identities, proportional to the amount of leakage it gets. In contrast, in the catastrophic case where a large fraction of the master secret key has been ex-filtrated, we can still resort to a guarantee that the ciphertexts generated for a randomly chosen identity (or, an identity with enough entropy) remain protected. We demonstrate how this framework captures the best possible security guarantees.

-We show the first construction of such a bk-IBE offering strong security properties. Our construction is based on standard assumptions on groups with bilinear pairings and brings together techniques from seemingly different contexts such as leakage resilient cryptography, reusable two-round MPC, and laconic oblivious transfer. We expect our techniques to be of independent interest.

We focus on the problem of Dynamic Searchable Encryption (DSE) with efficient (optimal/quasi-optimal) search in the presence of deletions. Towards that end, we first propose OSSE, the first DSE scheme that can achieve asymptotically optimal search time, linear to the result size and independent of any prior deletions, improving the previous state of the art by a multiplicative logarithmic factor. We then propose our second scheme LLSE, that achieves a sublogarithmic search overhead ($\log\log i_w$, where $i_w$ is the number or prior insertions for a keyword) compared to the optimal achieved by OSSE. While this is slightly worse than our first scheme, it still outperforms prior works, while also achieving faster deletions and asymptotically smaller server storage. Both schemes have standard leakage profiles and are forward-and-backward private. Our experimental evaluation is very encouraging as it shows our schemes consistently outperform the prior state-of-the-art DSE by $1.3$-$6.4\times$ in search computation time, while also requiring just a single roundtrip to receive the search result. Even compared with prior simpler and very efficient constructions in which all deleted records are returned as part of the result, our OSSE achieves better performance for deletion rates ranging from 45-55%, while the previous state-of-the-art quasi-optimal scheme achieves this for 65-75% deletion rates.

In this paper, we present the quantum implementation and analysis of the recently proposed block cipher, DEFAULT. DEFAULT is consisted of two components, namely DEFAULT-LAYER and DEFAULT-CORE. Two instances of DEFAULT-LAYER is used before and after DEFAULT-CORE (the so-called `sandwich construction').

We discuss about the the various choices made to keep the cost for the basic quantum circuit and that of the Grover's oracle search, and compare it with the levels of quantum security specified by the United States' National Institute of Standards and Technology (NIST). All in all, our work nicely fits in the research trend of finding the possible quantum vulnerability of symmetric key ciphers.

In 1986, A.Yao introduced the notion of garbled circuits, designed to verify the correctness of computations performed on an untrusted server. However, correctness is guaranteed for only one input, meaning that a new garbled circuit must be created for each new input. To address this drawback, in 2010 Gennaro et al. performed the evaluation of the garbled circuit homomorphically using Fully Homomorphic Encryption scheme, allowing to reuse the same garbled circuit for new inputs. Their solution requires to encrypt the garbled circuit at every new input. In this paper, we propose a verifiable-computation scheme allowing to verify the correctness of computations performed by an untrusted server for multiple inputs, where the garbled circuit is homomorphically encrypted only once. Hence, we have a faster scheme comparing to Gennaro’s solution, since for each new input, we reduce the computations by the size of the circuit representing the function to be computed, for the same security level. The key point to obtain this speed-up is to rely on Multi-Key Homomorphic Encryption (MKHE) and then to encrypt only once the garbled circuit.

Secure multi-party computation (MPC) protocols that are resilient to a dishonest majority allow the adversary to get the output of the computation while, at the same time, forcing the honest parties to abort. Aumann and Lindell introduced the enhanced notion of security with identifiable abort, which still allows the adversary to trigger an abort but, at the same time, it enables the honest parties to agree on the identity of the party that led to the abort. More recently, in Eurocrypt 2016, Garg et al. showed that, assuming access to a simultaneous message exchange channel for all the parties, at least four rounds of communication are required to securely realize non-trivial functionalities in the plain model.

Following Garg et al., a sequence of works has matched this lower bound, but none of them achieved security with identifiable abort. In this work, we close this gap and show that four rounds of communication are also sufficient to securely realize any functionality with identifiable abort using standard and generic polynomial-time assumptions. To achieve this result we introduce the new notion of bounded-rewind secure MPC that guarantees security even against an adversary that performs a mild form of reset attacks. We show how to instantiate this primitive starting from any MPC protocol and by assuming trapdoor-permutations.

The notion of bounded-rewind secure MPC allows for easier parallel composition of MPC protocols with other (interactive) cryptographic primitives. Therefore, we believe that this primitive can be useful in other contexts in which it is crucial to combine multiple primitives with MPC protocols while keeping the round complexity of the final protocol low.

Eindhoven University of Technology (TU/e), our Coding Theory and Cryptology (CC) group of the Discrete Mathematics (DM) cluster of the Department of Mathematics and Computer Science (M&CS) are looking for an (tenure-track) assistant professor in Cryptology. This vacancy is part of the Irène Curie Fellowship and is currently only open for female candidates.

The position will be part of the Coding Theory and Cryptology (CC) group, within the Discrete Mathematics (DM) cluster. The other group in DM is Discrete Algebra and Geometry. The CC group consists of one full professor (Lange), two associate professors (Schoenmakers and de Weger), and three assistant professors (Hülsing Ravagnani, and Schäge). CC provides undergraduate and graduate courses in cryptology, coding theory, algebra and number theory, as well as service teaching.

The ideal candidate has research experience complementing the existing strengths in CC and a background in mathematics but candidates from all areas of cryptology are encouraged to apply.

We look forward to your application and will screen it as soon as we have received it. Screening will continue until the position has been filled. We expect the first round of interviews in early July, so apply before June 20 to be considered in this round.

Closing date for applications:

Contact: Tanja Lange

More information: https://jobs.tue.nl/nl/vacature/assistant-professor-in-cryptology-936431.html

Event date: 10 July to 14 July 2023

Event date: 1 August to 4 August 2022

In previous years there has been an increased interest in designing threshold signature schemes. Most of the recent works focus on constructing threshold versions of ECDSA or Schnorr signature schemes due to their appealing usage in blockchain technologies. Additionally, a lot of research is being done on cryptographic schemes that are resistant against quantum computer attacks. Presently, the most popular family of post-quantum algorithms is lattice-based cryptography, because its structure allows creation of cryptographic protocols that go beyond encryption and digital signature schemes.

In this work, we propose a new version of the two-party Crystals-Dilithium signature scheme. The security of our scheme is based on the hardness of Module-LWE and Module-SIS problems. In our construction, we follow a similar logic as Damgård et al. (PKC 2021) and use an additively homomorphic commitment scheme. However, compared to them, our protocol uses signature compression techniques from the original Crystals-Dilithium signature scheme which makes it closer to the version submitted to the NIST PQC

In this study, we accelerate Matsui's search algorithm to search for the best differential and linear trails of AES-like ciphers. Our acceleration points are twofold. The first exploits the structure and branch number of an AES-like round function to apply strict pruning conditions to Matsui's search algorithm. The second employs permutation characteristics in trail search to reduce the inputs that need to be analyzed. We demonstrate the optimization of the search algorithm by obtaining the best differential and linear trails of existing block ciphers: AES, LED, MIDORI-64, CRAFT, SKINNY, PRESENT, and GIFT. In particular, our search program finds the full-round best differential and linear trails of GIFT-64 (in approx. 1 s and 10 s) and GIFT-128 (in approx. 89 h and 452 h), respectively. For a more in-depth application, we leverage the acceleration to investigate the optimal DC/LC resistance that GIFT-variants, called BOGI-based ciphers, can achieve. To this end, we identify all the BOGI-based ciphers and reduce them into 41,472 representatives. Deriving 16-, 32-, 64-, and 128-bit BOGI-based ciphers from the representatives, we obtain their best trails until 15, 15, 13, and 11 rounds, respectively. The investigation shows that 12 rounds are the minimum threshold for a 64-bit BOGI-based cipher to prevent efficient trails for DC/LC, whereas GIFT-64 requires 14 rounds. Moreover, it is shown that GIFT can provide better resistance by only replacing the existing bit permutation. Specifically, the bit permutation variants of GIFT-64 and GIFT-128 require fewer rounds, one and two, respectively, to prevent efficient differential and linear trails.

The introduction of Statistical Ineffective Fault Attacks (SIFA) has led to a renewed interest in fault attacks. SIFA requires minimal knowledge of the concrete implementation and is effective even in the presence of common fault or power analysis countermeasures. However, further investigations reveal that undesired and frequent ineffective events, which we refer to as the noise phenomenon, are the bottleneck of SIFA that can considerably diminish its strength. This includes noise associated with the attack’s setup and caused by the countermeasures utilized in the implementation. This research aims to address this significant drawback. We present two novel statistical fault attack variants that are far more successful in dealing with these noisy conditions. The first variant is the Statistical Effective Fault Attack (SEFA), which exploits the non-uniform distribution of intermediate variables in circumstances when the induced faults are effective. The idea behind the second proposed method, dubbed Statistical Hybrid Fault Attacks (SHFA), is to take advantage of the biased distributions of both effective and ineffective cases simultaneously. Our experimental results in various case studies, including noise-free and noisy setups, back up our reasoning that SEFA surpasses SIFA in several instances and that SHFA outperforms both or is at least as efficient as the best of them.

Event date: to
Submission deadline: 1 September 2022
Notification: 15 January 2023

Event date: 4 July to 8 July 2022

Cryptography, Security & Privacy Research Group at Koç University has one opening at the post-doctoral researcher level. Accepted applicants may receive competitive salary, housing (accommodation) support, health insurance, computer, travel support, and lunch meal card.

Your duties include performing research on cryptography, security, and privacy in line with our research group's focus, as well as directing graduate and undergraduate students in their research and teaching. The project funding is related to cryptography, game theory and mechanism design, and blockchain technologies.

Applicants are expected to have already obtained their Ph.D. degrees in Computer Science or related discipline with a thesis topic related to the duties above.

For more information about joining our group and projects, visit

https://crypto.ku.edu.tr/work-with-us/

Submit your application via email including

• full CV,
• transcripts of all universities attended,
• 1-3 sample publications where you are the main author,
• a detailed research proposal,
• 2-3 reference letters sent directly by the referees.

Application and start dates are flexible.

Closing date for applications:

Contact: Assoc. Prof. Alptekin Küpçü
https://member.acm.org/~kupcu

More information: https://crypto.ku.edu.tr/work-with-us/