International Association
for Cryptologic Research

Symbolic security protocol verifiers have reached a high degree of automation and maturity. Today, experts can model real-world protocols, but this often requires model-specific encodings and deep insight into the strengths and weaknesses of each of those tools. With Sapic+ , we introduce a protocol verification platform that lifts this burden and permits choosing the right tool for the job, at any development stage. We build on the existing compiler from Sapic to Tamarin, and extend it with automated translations from Sapic+ to ProVerif and DeepSec, as well as powerful, protocol-independent optimizations of the existing translation. We prove each part of these translations sound. A user can thus, with a single Sapic+ file, verify reachability and equivalence properties on the specified protocol, either using ProVerif, Tamarin or DeepSec. Moreover, the soundness of the translation allows to directly assume results proven by another tool which allows to exploit the respective strengths of each tool. We demonstrate our approach by analyzing various existing models. This includes a large case study of the 5G authentication protocols, reviously analyzed in Tamarin. Encoding this model in Sapic+ we demonstrate the effectiveness of our approach. Moreover, we study four new case studies: the LAKE and the Privacy-Pass [20] protocols, both under standardization, the SSH protocol with the agent-forwarding feature, and the recent KEMTLS [45] protocol, a post-quantum version of the main TLS key exchange.

Technology Innovation Institute (TII) is a publicly funded research institute, based in Abu Dhabi, United Arab Emirates. It is home to a diverse community of leading scientists, engineers, mathematicians, and researchers from across the globe, transforming problems and roadblocks into pioneering research and technology prototypes that help move society ahead.

Cryptography Research Centre

In our connected digital world, secure and reliable cryptography is the foundation of digital information security and data integrity. We address the world’s most pressing cryptographic questions. Our work covers post-quantum cryptography, lightweight cryptography, cloud encryption schemes, secure protocols, quantum cryptographic technologies and cryptanalysis.

Position: Cryptography / Cybersecurity Engineer

Analyze project requirements and provide technical and functional recommendations

Implement cryptographic libraries and security frameworks

Design and implement building blocks for cloud computing and machine learning applications

Skills required for the job

Knowledge on cryptography and cybersecurity

2+ years of work experience. (Senior Position also available for 5+ years experience)

Excellent with C, C++, Python, (JAVA and Rust will be valuable as well)

Solid engineering practices and processes, such as development and testing methodology and documentation (experience with tools Git, JIRA, SonarQube is valuable)

Excellent with multi-tasking

Knowledge in some of the following topics will be valuable: Edge / Cloud computing - Machine learning - Identity Management - Secure protocols

Quick learner, geared towards implementation. Eager to develop new skills and willing to take ownership of projects

Qualifications

MSc or PhD degree in Cryptography, Applied Cryptography, Cybersecurity, Mathematics or Computer Science

Closing date for applications:

Contact:

Mehdi Messaoudi - Talent Acquisition Manager
Email: mehdi.messaoudi@tii.ae

More information: https://www.tii.ae/cryptography

The Cryptanalysis Taskforce at Nanyang Technological University in Singapore led by Prof. Jian Guo is seeking for candidates to fill several post-doctoral research fellow positions on symmetric-key cryptography. Topics include but are not limited to the following sub-areas:

• tool aided cryptanalysis, such as MILP, CP, STP, and SAT
• machine learning aided cryptanalysis and designs
• privacy-preserving friendly symmetric-key designs
• quantum cryptanalysis
• provable security
• cryptanalysis against SHA-2, SHA-3, and AES
• threshold cryptography

Established in 2014, the Cryptanalysis Taskforce is a group comprising of about ten PostDoc and PhD student members currently dedicated for research in symmetric-key cryptography. Since establishment, the team has been active in both publications in and services for IACR. It has done quite some cryptanalysis work on various important targets such as SHA-3 and AES, and is expanding its interests to the areas mentioned above, with strong funding support from the university, industry partners, and government agencies in Singapore. We offer globally competitive salary package with extremely low tax (around 5%), as well as excellent environment dedicating for top-venues publication orientated research in Singapore. The contract will be initially for one year, and has the possibility to be extended. Candidates are expected to have proven record of publications in IACR conferences (Asiacrypt, Crypto, Eurocrypt). Interested candidates are to send their CV and 2 reference letters to Jian Guo. Review of applicants will start immediately until the positions are filled. More information about the Cryptanalysis Taskforce research group can be found via https://team.crypto.sg

Closing date for applications:

Contact: Jian Guo, guojian@ntu.edu.sg, with subject [IACR-CATF]

More information: https://team.crypto.sg

University of Primorska (UP FAMNIT) is offering one fully-funded PhD scholarship at the Center of Cryptography under the supervision of Prof. Enes Pasalic, PhD. Research topics include Boolean functions with high nonlinearity (bent functions, AB functions, planar functions,…), linear codes, and cryptanalysis (classical and quantum).

Closing date for applications:

Contact: enes.pasalic@famnit.upr.si and nastja.cepak@iam.upr.si

More information: https://kripto.famnit.upr.si/post/yr2022/

The Ruhr area, one of Europe‘s largest metropolitan regions, is home of the University Alliance Ruhr (UAR) with 120,000 students and 14,000 researchers. In 2021, the UAR established the Research Center Trustworthy Data Science and Security (RC Trust) to enable research that connects psychology, computer science, statistics and cyber security at the intersection of technology, humans and society. The Research Center is seeking to fill the following position at the Faculty of Computer Science, Ruhr-University Bochum, Germany: Associate or Full Professorship for Fairness and Transparency (Open Rank). We welcome applicants with a strong interest in interdisciplinary research. Candidates should have an excellent track record in at least one of the following areas:

• Trustworthy Machine Learning for Privacy & Security
• FAccT (Fairness, Accountability, Transparency)
• Technology Policy, Privacy Law & Data Science
• Ethics & AI
• Human-AI Collaborative Decision Making.

The professorship will be associated with the Cluster of Excellence „CASA: Cyber Security in the Age of Large-Scale Adversaries“. In addition, we encourage collaboration with the Max Planck Institute for Security and Privacy. Appointments will be made for full professorship, or as assistant/associate professorship with tenure track to full professorship. Salaries and working conditions are internationally competitive and come with a status as civil servant. Full professorships are chair positions with phd/postdoc positions, a secretary and start up package (all negotiable). The official job add can be found here: https://www.academics.de/jobs/professorship-open-rank-w3-or-w2-tenure-track-to-w3-for-fairness-and-transparency-research-alliance-ruhr-the-research-center-trustworthy-data-science-and-security-rc-trust-bochum-1061412 . Applications are requested by July 29, 2022 to: career@casa.rub.de. Questions will be answered by Prof. Christof Paar. https://www.informatik.rub.de/en http://www.rc-trust.ai/

Closing date for applications:

Contact: Prof. Christof Paar

More information: https://www.informatik.rub.de/en

The Ruhr area, one of Europe‘s largest metropolitan regions, is home of the University Alliance Ruhr (UAR) with a community of 120,000 students and 14,000 researchers. In 2021, the UAR established the Research Center Trustworthy Data Science and Security (RC Trust) to enable research that connects psychology, computer science, statistics and cyber security at the intersection of technology, humans and society. The Research Center is seeking to fill the following position at the Faculty of Computer Science, Ruhr-University Bochum, Germany: Associate or Full Professorship for Computing and Society (Open Rank). We welcome applicants with a strong interest in interdisciplinary research. Candidates should have an excellent track record in at least one of the following areas:

• Computational Social Science
• Social Computing and Computing Mediated Collaborative Work
• Economics & Incentives in Computing and Privacy
• Usable Security.

The professorship will be associated with the Faculty of Computer Science and the Cluster of Excellence „CASA: Cyber Security in the Age of Large-Scale Adversaries“. In addition, we encourage collaboration with the Max Planck Institute for Security and Privacy. Appointments will be made for full professorship, or assistant/associate professorship with tenure track to full professorship. Salaries and working conditions are internationally very competitive and come with a status as civil servant. Full professorships are chair positions with phd/postdoc positions, a secretary and start up package (all negotiable). The official job add can be found here: https://www.academics.de/jobs/professorship-open-rank-w3-or-w2-tenure-track-to-w3-for-computing-and-society-research-alliance-ruhr-the-research-center-trustworthy-data-science-and-security-rc-trust-bochum-1061414 . Applications are requested by July 29, 2022 to: career@casa.rub.de. Questions will be answered by Prof. Christof Paar. https://www.informatik.rub.de/en http://www.rc-trust.ai/

Closing date for applications:

Contact: Prof. Christof Paar

More information: https://www.informatik.rub.de/en

This is an exciting opportunity to join the University of Birmingham’s Centre for Cyber Security and Privacy on the EPSRC-funded project ‘CAP-TEE: Capability Architectures in Trusted Execution’.

In this project, we use capability architectures (as e.g. developed by the CHERI project) to protect TEEs against such state-of-the-art attacks. We address a wide range of threats from software vulnerabilities such as buffer overflows to sophisticated hardware attacks like fault injection. CAP-TEE will provide a strong, open-source basis for the future generation of more secure TEEs.

You'll be working on state-of-the-art hardware prototypes like the ARM Morello board.

We're looking for a candidate with a PhD or equivalent industry experience e.g. in cyber security, computer science, or electrical engineering. You should have strong experience in writing system level or low-level code in programming languages such as C, C++, or Rust. Experience in a relevant area such as embedded systems, automotive security, binary analysis, or fuzzing would be a strong asset.

For informal enquiries, contact Prof David Oswald (d.f.oswald@bham.ac.uk). To apply online until 30 June 2022, use the following URL:
https://bham.taleo.net/careersection/external/jobdetail.ftl?job=2200011F&tz=GMT%2B01%3A00&tzname=Europe%2FLondon

Closing date for applications:

Contact: Prof David Oswald
Email: d.f.oswald@bham.ac.uk
Twitter: @sublevado

More information: https://bham.taleo.net/careersection/external/jobdetail.ftl?job=2200011F&tz=GMT%2B01%3A00&tzname=Europe%2FLondon

We are looking for a highly motivated candidate with proven skills in security and privacy-preserving machine learning to work on a research project funded by FNR (Luxembourg) and ANR (France). The ongoing deployment of new communication technologies related to 5G opens new doors to the implementation of cooperative, connected and automated mobility applications. However, more time is needed before all these technologies are fully deployed and with a satisfactory level of security and privacy. This is even more critical in cross-border areas such as between Luxembourg and France, where a large number of attacks (e.g., related to roaming) may arise. In this context, the main mission of the candidate will be to design and evaluate machine learning based attack detection solutions based on network traffic data generated by a vehicular network (V2X).

The position is initially for one year and can be extended to more years, with a possibility to become a permanent one. More information is here: https://app.skeeled.com/offer/626f93074cdf6edb5e80e400?utm_id=60fed4c509c80d16d1bbe536&utm_medium=OFFERS_PORTAL&language=en&show_description=true

Closing date for applications:

Contact: Dr. Qiang Tang (qiang.tang@list.lu)

Job Description

The interdisciplinary research group SECUSO (Security - Usability - Society) is offering a research associate position. The research group is active in various areas of Human Factors in Security & Privacy. Awareness and training measures as well as usable tools and interfaces are designed, developed, and evaluated. To this end, various – primarily empirical – methods are used as part of the “Human Centered Security & Privacy by Design” approach. Current topics include cookie banners, authentication on AR/VR glasses, verifiable online voting systems, notification studies, security UI patterns, and explainability of security solutions and guarantees.

You will conduct research in the field of Human Factors in Security & Privacy. This includes, for example, the conducting interviews, focus groups, online/laboratory or field studies. The results of your research will then be published and presented at international conferences. In addition to research work, you will also be involved in teaching activities and scientific administration, which also includes the organization of events.

Personal Qualification

You have a degree (Master/Diploma (University)) in computer science, business informatics, media informatics, industrial engineering, mathematics, communication sciences, psychology, or related areas. You have attended lectures on security or usability and you are interested in the research area Human Factors in Security & Privacy and have already gained experience in interdisciplinary work. Furthermore, you convince with a high level of self-motivation and the ability to work in a team. Programming experience in the context of creating mockups and experience in conducting qualitative and quantitative studies is an advantage. Very good written and spoken German and English skills complete your profile.

Salary category 13, depending on the fulfillment of professional and personal requirements.

Closing date for applications:

Contact: Prof. Dr. Melanie Volkamer, phone: 0721 608-45045

More information: https://www.pse.kit.edu/english/karriere/joboffer.php?id=145583

Area of Specialization: Theory of Cryptography, Theory and Practice of Cybersecurity, Theoretical Computer Science, Theory of Algorithms, Theory of Computational Complexity, Programming Theory, Software Verification Theory, Blockchain Technology, Network Security, etc.
Job Description: Research and education at Department of Mathematical and Computing Science. Assigned tasks on management of the department.

Closing date for applications:

Contact: Keisuke Tanaka, Professor, Associate Chair of Department of Mathematical and Computing Science, School of Computing (Email: keisuke@is.titech.ac.jp)

More information: https://jrecin.jst.go.jp/seek/SeekJorDetail?fn=3&dt=1&id=D122060173&ln_jor=1

Public-key authentication in SSH reveals more information about the participants' keys than is necessary. (1) The server can learn a client's entire set of public keys, even keys generated for other servers. (2) The server learns exactly which key the client uses to authenticate, and can further prove this fact to a third party. (3) A client can learn whether the server recognizes public keys belonging to other users. Each of these problems lead to tangible privacy violations for SSH users.

In this work we introduce a new public-key authentication method for SSH that reveals essentially the minimum possible amount of information. With our new method, the server learns only whether the client knows the private key for some authorized public key. If multiple keys are authorized, the server does not learn which one the client used. The client cannot learn whether the server recognizes public keys belonging to other users. Unlike traditional SSH authentication, our method is fully deniable. Our new method also makes it harder for a malicious server to intercept first-use SSH connections on a large scale.

Our method supports existing SSH keypairs of all standard flavors — RSA, ECDSA, EdDSA. It does not require users to generate new key material. As in traditional SSH authentication, clients and servers can use a mixture of different key flavors in a single authentication session.

We integrated our new authentication method into OpenSSH, and found it to be practical and scalable. For a typical client and server with at most 10 ECDSA/EdDSA keys each, our protocol requires 9 kB of communication and 12.4 ms of latency. Even for a client with 20 keys and server with 100 keys, our protocol requires only 12 kB of communication and 26.7 ms of latency.

Updatable Encryption (UE) allows to rotate the encryption key in the outsourced storage setting while minimizing the bandwith used. The server can update ciphertexts to the new key using a token provided by the client. UE schemes should provide strong confidentiality guarantees against an adversary that can corrupt keys and tokens.

This paper solves three open problems in ciphertext-independent post-quantum UE. First, we propose the first two post-quantum CCA secure UE schemes, solving an open problem left by Jiang at Asiacrypt 2020. Second, our three UE schemes are the first post-quantum schemes that support an unbounded number of updates. Third, the security of our three schemes is based on three different problems which are not lattice problems, whereas the two prior post-quantum UE schemes are both based on LWE.

We do so by studying the problem of building UE in the group action framework. We introduce a new notion of Mappable Effective Group Action (MEGA) and show that we can build UE from a MEGA by generalizing the SHINE construction of Boyd et al. at Crypto 2020. We propose two post-quantum instantiations of our UE scheme using some recent group action constructions. Isogeny-based group actions are the most studied post-quantum group actions. Unfortunately, the resulting group actions are not mappable. We show that we can still build UE from isogenies by introducing a new algebraic structure called Effective Triple Orbital Group Action (ETOGA). We prove that UE can be built from an ETOGA and show how to instantiate this abstract structure from isogeny-based group actions.

Homomorphic Encryption (HE) is a very attractive solution to ensure privacy when outsourcing confidential data to the cloud, as it enables computation on the data without decryption. As the next step, searching this homomorphic data becomes necessary to navigate it in the server. In this paper, we propose a novel algorithm to search homomorphically encrypted data outsourced to an untrusted server and shared with multiple users. We optimize the steps involved in the process to reduce the number of rounds of communication. We use an order-preserving encoding to batch the data with multi-key HE cryptosystems to reduce the multiplicative depth of the equality circuits and enable direct comparison. Further, we use LEAF to retrieve indices securely, and SealPIR to retrieve the values obliviously to the user. Overall, we provide an efficient end-to-end framework for searching shared data in a semi-honest server.

In this work, we present a systematic study of Side-Channel Attacks (SCA) and Fault Injection Attacks (FIA) on structured lattice-based schemes, with main focus on Kyber Key Encapsulation Mechanism (KEM) and Dilithium signature scheme, which are leading candidates in the NIST standardization process for Post-Quantum Cryptography (PQC). Through our study, we attempt to understand the underlying similarities and differences between the existing attacks, while classify them into different categories. Given the wide-variety of reported attacks, simultaneous protection against all the attacks requires to implement customized protections/countermeasures for both Kyber and Dilithium. We therefore present a range of customized countermeasures, capable of providing defenses/mitigations against existing SCA/FIA. Amongst the presented countermeasures, we propose two novel countermeasures to protect Kyber KEM against SCA and FIA assisted chosen-ciphertext attacks. We implement the presented countermeasures within two well-known public software libraries for PQC - (1) pqm4 library for the ARM Cortex-M4 based microcontroller and (2) liboqs library for the Raspberry Pi 3 Model B Plus based on the ARM Cortex-A53 processor. Our performance evaluation reveals that the presented custom countermeasures incur reasonable performance overheads, on both the evaluated embedded platforms. We therefore believe our work argues for usage of custom countermeasures within real-world implementations of lattice-based schemes, either in a standalone manner, or as reinforcements to generic countermeasures such as masking.

This work surveys mathematical aspects of division property, which is a state of the art technique in cryptanalysis of symmetric-key algorithms, such as authenticated encryption, block ciphers and stream ciphers. It aims to find integral distinguishers and cube attacks, which exploit weakness in the algebraic normal forms of the output coordinates of the involved vectorial Boolean functions. Division property can also be used to provide arguments for security of primitives against these attacks.

The focus of this work is a formal presentation of the theory behind the division property, including rigorous proofs, which were often omitted in the existing literature. This survey covers the two major variants of division property, namely conventional and perfect division property. In addition, we explore relationships of the technique with classic degree bounds.

We describe a new paradigm for multi-party private set intersection cardinality (PSI-CA) that allows n parties to compute the intersection size of their datasets without revealing any additional information. We explore a variety of instantiations of this paradigm. Our protocols avoid computationally expensive public-key operations and are secure in the presence of a malicious adversary.

We demonstrate the practicality of our PSI-CA protocol with an implementation. For n = 16 parties with data-sets of 2^20 items each, our server-aided variant takes 71 seconds. Interestingly, in the server-less setting, the same task takes only 7 seconds. To the best of our knowledge, this is the first ‘special purpose’ implementation of a multi-party PSI-CA (i.e., an implementation that does not rely on a generic underlying MPC protocol).

Our PSI-CA protocols can be used to securely compute the dot-product function. The dot-product function takes n binary vectors v1, ..., vn, each of m elements, and outputs the sum of m entries, where the i-th entry is equal the product of the i-th entries in all n input vectors. Importantly, the complexity of our protocol for secure dot-product (where party Pi has a secret vector vi) is linear only in the Hamming weight of the vectors, which is potentially sub-linear in the input size.

We demonstrate that two interesting applications, namely, ‘COVID-19 heatmap’ and ‘associated rule learning (ARL)’, can be computed securely using a dot-product as a building block. We analyse the performance of securely computing Covid-19 heatmap and ARL using our protocol and compare that to the state-of-the-art.

The cryptographic sponge is a popular method for hash function design. The construction is in the ideal permutation model proven to be indifferentiable from a random oracle up to the birthday bound in the capacity of the sponge. This result in particular implies that, as long as the attack complexity does not exceed this bound, the sponge construction achieves a comparable level of collision, preimage, and second preimage resistance as a random oracle. We investigate these state-of-the-art bounds in detail, and observe that while the collision and second preimage security bounds are tight, the preimage bound is not tight. We derive an improved and tight preimage security bound for the cryptographic sponge construction. The result has direct implications for various lightweight cryptographic hash functions. For example, the NIST Lightweight Cryptography finalist Ascon-Hash does not generically achieve $2^{128}$ preimage security as claimed, but even $2^{192}$ preimage security. Comparable improvements are obtained for the modes of Spongent, PHOTON, ACE, and Subterranean 2.0, among others.

The potential advent of large-scale quantum computers in the near future poses a threat to contemporary cryptography. Without doubt, one of the most active and ubiquitous usage of cryptography is currently present in the very vibrant field of cellular networks, i.e., 3G, 4G, 5G and 6G, which is already in the planning phase. The entire cryptography of cellular networks is centered around seven secret-key algorithms $f1,\ldots, f_5, f_1^{*}, f5^{*}$, aggregated into an "authentication and key agreement" algorithm set. Still, these secret key algorithms have not yet been subject to quantum cryptanalysis. Instead, many quantum security considerations for telecommunication networks argue that the threat posed by quantum computers is restricted to public-key cryptography. On the other hand, the only threat to secret-key algorithms would stem from the famous Grover quantum search algorithm, which admits a general square root speedup of all oracle based search problems, thus resulting in an effectively halved key length of the above algorithms. However, various recent works have presented quantum attacks on secret key cryptography that result in more than a quadratic speedup. These attacks call for a re-evaluation of quantum security considerations for cellular networks, encompassing a quantum cryptanalysis of the secret-key primitives used in cellular security. In this paper, we conduct such a quantum cryptanalysis for the Milenage algorithm set, the prevalent instantiation of the seven secret-key algorithms that underpin cellular security. Building upon recent quantum cryptanalytic results, we show attacks that go beyond a quadratic speedup. Concretely, we provide for all Milenage algorithms various quantum attack scenarios, including exponential speedups distinguishable by different quantum attack models. The presented attacks include a polynomial time quantum existential forgery attack, assuming an attacker has access to a superposition oracle of Milenage and key recovery attacks that reduce the security margin beyond the quadratic speedup of Grover. Our results do not constitute an immediate quantum break of the Milenage algorithms, but they do provide strong evidence against choosing Milenage as the cryptographic primitive underpinning the security of quantum resistant telecommunication networks.

The dream of software obfuscation is to take programs, as they are, and then compile them into obfuscated versions that hide their secret inner workings. In this work we investigate notions of obfuscations weaker than virtual black-box (VBB) but which still allow obfuscating cryptographic primitives preserving their original functionalities as much as possible. In particular we propose two new notions of obfuscations, which we call oracle-differing-input obfuscation (odiO) and oracle-indistinguishability obfuscation (oiO). In a nutshell, odiO is a natural strengthening of differing-input obfuscation (diO) and allows obfuscating programs for which it is hard to find a differing-input when given only oracle access to the programs. An oiO obfuscator allows to obfuscate programs that are hard to distinguish when treated as oracles. We then show applications of these notions, as well as positive and negative results around them. A few highlights include: – Our new notions are weaker than VBB and stronger than diO. – As it is the case for VBB, we show that there exist programs that cannot be obfuscated with odiO or oiO. – Our new notions allow to compile several flavours of secret key primitives (e.g., SKE, MAC, designated verifier NIZK) into their public key equivalent (e.g., PKE, signatures, publicly verifiable NIZK) while preserving one of the algorithms of the original scheme (function-preserving), or the structure of their outputs (format-preserving).

The rebound attack was introduced by Mendel et al. at FSE 2009 to fulfill a heavy middle round of a differential path for free, utilizing the degree of freedom from states. The inbound phase was extended to 2 rounds by the Super-Sbox technique invented by Lamberger et al. at ASIACRYPT 2009 and Gilbert and Peyrin at FSE 2010. In ASIACRYPT 2010, Sasaki et al. further reduced the requirement of memory by introducing the non-full-active Super-Sbox. In this paper, we further develop this line of research by introducing Super-Inbound, which is able to connect multiple 1-round or 2-round (non-full-active) Super-Sbox inbound phases by utilizing fully the degrees of freedom from both states and key, yet without the use of large memory. This essentially extends the inbound phase by up to 3 rounds. We applied this technique to find classic or quantum collisions on several AES-like hash functions, and improved the attacked round number by 1 to 5 in targets including AES-128 and SKINNY hashing modes, Saturnin-Hash, and Grostl-512. To demonstrate the correctness of our attacks, the semi-free-start collision on 6-round AES-128-MMO/MP with estimated time complexity $2^{24}$ in classical setting was implemented and an example pair was found instantly on a standard PC.