International Association for Cryptologic Research


IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available via RSS feed, Twitter, Weibo and Facebook.

04 July 2022

Ali Asghar Beigizad, Hadi Soleimany, Sara Zarei
ePrint Report
Various fault models, each with a distinct effect, have been introduced. The process of injecting a fault is not overly complicated; however, it can be challenging to inject an exploitable fault. The influence of a fault model should be evaluated based on characteristics such as cost, repeatability, and practicability of desirable faults. Additionally, there must be efficient techniques for leveraging the injected fault to retrieve the key, especially in the presence of common countermeasures.

In this paper we introduce a new fault analysis technique called ``linked fault analysis'' (LFA), which can be interpreted as a more powerful variation of several well-known fault attacks against implementations of symmetric primitives in various scenarios, particularly in software implementations. While in a traditional fault attack the fault model is defined based on the relation between the correct value and the defective one produced by fault injection, LFA leverages a model in which the fault involves more than one intermediate value: the target variable $X$ and a second variable $Y$. We demonstrate that LFA allows the attacker to perform fault attacks with significantly less data (relative to previously presented fault attacks in the same class) and without the need for input control.

03 July 2022

Tokyo, Japan, 27 March - 29 March 2023
Real World Crypto
Event date: 27 March to 29 March 2023
Submission deadline: 9 September 2022
Notification: 16 January 2023

01 July 2022

Weijie Wang, Annie Ulichney, Charalampos Papamanthou
ePrint Report
We present BalanceProofs, the first vector commitment scheme that is maintainable (i.e., supporting sublinear updates) while also supporting fast proof aggregation and verification. The basic version of BalanceProofs has $O(\sqrt{n}\log n)$ update time and $O(\sqrt{n})$ query time and its constant-size aggregated proofs can be produced and verified in milliseconds. In particular, BalanceProofs improves the aggregation time and aggregation verification time of the only known maintainable and aggregatable vector commitment scheme, HyperProofs (USENIX SECURITY 2022), by up to 1000$\times$. Fast verification of aggregated proofs is particularly useful for applications such as stateless cryptocurrencies (and was a major bottleneck for Hyperproofs), where an aggregated proof of balances is produced once but must be verified multiple times and by a large number of nodes. As a limitation, BalanceProofs' update time compared to Hyperproofs roughly doubles, but always stays in the range from 2 to 3 seconds. BalanceProofs can be viewed as a compiler that transforms any non-maintainable vector commitment with fast aggregation to a maintainable one with the aforementioned complexities. We finally study useful tradeoffs in BalanceProofs between (aggregate) proof size, update time and (aggregate) proof computation and verification, by introducing a bucketing technique, and present an extensive evaluation, including a comparison to Hyperproofs as well as applications of BalanceProofs to Verkle trees.
Loïc Masure, Pierrick Méaux, Thorben Moos, François-Xavier Standaert
ePrint Report
Embedded devices with built-in security features are natural targets for physical attacks. Thus, enhancing their side-channel resistance is an important practical challenge. A standard solution for this purpose is the use of Boolean masking schemes, as they are well adapted to current block ciphers with efficient bit-slice representations. Boolean masking guarantees that the security of an implementation grows exponentially in the number of shares under the assumption that leakages are sufficiently noisy (and independent). Unfortunately, it has been shown that this noise assumption is hardly met on low-end devices. In this paper, we therefore investigate techniques to mask cryptographic algorithms in such a way that their resistance can survive an almost complete lack of noise. Building on seed theoretical results of Dziembowski et al., we put forward that arithmetic encodings in prime fields can reach this goal. We first exhibit the gains that such encodings lead to thanks to a simulated information theoretic analysis of their leakage (with up to six shares). We then provide figures showing that on platforms where optimized arithmetic adders and multipliers are readily available (i.e., most MCUs and FPGAs), performing masked operations in Mersenne-prime fields as opposed to binary extension fields will not lead to notable implementation overheads. We compile these observations into a new AES-like block cipher, called AES-prime, which is well-suited to leverage the remarkable advantages of masking in prime fields. We also confirm the practical relevance of our findings by evaluating concrete software (ARM Cortex-M3) and hardware (Xilinx Spartan-6) implementations. Our experimental results show that security gains over Boolean masking (and, more generally, binary encodings) can reach orders of magnitude.
Ilaria Chillotti, Emmanuela Orsini, Peter Scholl, Nigel Paul Smart, Barry Van Leeuwen
ePrint Report
We present new constructions of multi-party homomorphic secret sharing (HSS) based on a new primitive that we call homomorphic encryption with decryption to shares (HEDS). Our first construction, which we call Scooby, is based on many popular fully homomorphic encryption (FHE) schemes with a linear decryption property. Scooby achieves an $n$-party HSS for general circuits with complexity $O(|F| + \log n)$, as opposed to $O(n^2 \cdot |F|)$ for the prior best construction based on multi-key FHE. Scooby can be based on (ring)-LWE with a super-polynomial modulus-to-noise ratio. In our second construction, Scrappy, assuming any generic FHE plus HSS for NC1-circuits, we obtain a HEDS scheme which does not require a super-polynomial modulus. While these schemes all require FHE, in another instantiation, Shaggy, we show how in some cases it is possible to obtain multi-party HSS without FHE, for a small number of parties and constant-degree polynomials. Finally, we show that our Scooby scheme can be adapted to use multi-key fully homomorphic encryption, giving more efficient spooky encryption and setup-free HSS. This latter scheme, Casper, if concretely instantiated with a B/FV-style multi-key FHE scheme, for functions $F$ which do not require bootstrapping, gives an HSS complexity of $O(n \cdot |F| + n^2 \cdot \log n)$.
Peter J. Bruin, Léo Ducas, Shane Gibbons
ePrint Report
The genus is an efficiently computable arithmetic invariant for lattices up to isomorphism. Given the recent proposals of basing cryptography on the lattice isomorphism problem, it is of cryptographic interest to classify relevant families of lattices according to their genus. We propose such a classification for q-ary lattices, and also study their distribution. In particular, for an odd prime q, we show that random q-ary lattices are mostly concentrated on two genera. Because the genus is local, this also provides information on the distribution for general odd q. The case of q a power of 2 is also studied, although we only achieve a partial classification.
Chunya Hu, Yongbo Hu, Wenfeng Zhu, Zixin Tan, Qi Zhang, Zichao Gong, Yanhao Gong, Luyao Jin, Pengwei Feng
ePrint Report
Statistical Ineffective Fault Attack (SIFA) has been a threat for implementations of symmetric cryptographic primitives. Unlike Differential Fault Attacks (DFA), which take both correct and faulty ciphertexts, SIFA can recover the secret key with only correct ciphertexts. The classic SIFA is only effective on fault models with a non-uniform distribution of intermediate values. In this paper, we present a new fault model named the adjacent-byte model, which describes a non-uniform distribution of the relationship between two bytes (i.e. exclusive-or). To the best of our knowledge, it is the first time that this fault model has been proposed. We also show that adjacent-byte faults can be induced by different fault sources and are easy to reproduce. Then a new SIFA attack method called AB-SIFA on symmetric cryptography is proposed. We demonstrate the effectiveness of this new attack by simulating the attack. Finally, our attacks are applied to a software implementation of AES-128 with a redundant countermeasure and a hardware AES co-processor, utilizing voltage glitches and clock glitches.
Jian Wang, Weiqiong Cao, Hua Chen, Haoyuan Li
ePrint Report
To defend against the rising threat of quantum computers, NIST initiated its Post-Quantum Cryptography (PQC) standardization process in 2016. During the PQC process, security against side-channel attacks has received much attention. Lattice-based schemes are considered the most promising group to be standardized. Message encoding in lattice-based schemes has been proven to be vulnerable to side-channel attacks, and a first-order masked message encoder has been presented. However, there is still a lack of security evaluation for the first-order masked message encoder under different implementations. In this paper, we analyze the security of the first-order masked message encoder of Kyber. We found that although masked Kyber certainly is able to defend against the previous side-channel attacks, there exist some exploitable byte leakages. With the help of these leakages, we propose a deep learning-based key recovery attack on the message encoding of masked Kyber. We recover the original message from the masked message encoding and then enable a chosen-ciphertext attack to recover the secret key. In our experiments, the whole secret key of masked Kyber768 was recovered with only 9 traces and the success rate of the attack is close to 100%.
Yang Du, Daniel Genkin, Paul Grubbs
ePrint Report
Oblivious RAM (ORAM) is a powerful technique to prevent harmful data breaches. Despite tremendous progress in improving the concrete performance of ORAM, it remains too slow for use in many practical settings; recent breakthroughs in lower bounds indicate this inefficiency is inherent for ORAM and even some natural relaxations. This work introduces snapshot-oblivious RAMs, a new secure memory access primitive. Snapshot-oblivious RAMs bypass lower bounds by providing security only for transcripts whose length (call it c) is fixed and known ahead of time. Intuitively, snapshot-oblivious RAMs provide strong security for attacks of short duration, such as the snapshot attacks targeted by many encrypted databases. We give an ORAM-style definition of this new primitive, and present several constructions. The underlying design principle of our constructions is to store the history of recent operations in a data structure that can be accessed obliviously. We instantiate this paradigm with data structures that remain on the client, giving a snapshot-oblivious RAM with constant bandwidth overhead. We also show how these data structures can be stored on the server and accessed using oblivious memory primitives. Our most efficient instantiation achieves O(log c) bandwidth overhead. By extending recent ORAM lower bounds, we show this performance is asymptotically optimal. Along the way, we define a new hash queue data structure—essentially, a dictionary whose elements can be modified in a first-in-first-out fashion—which may be of independent interest.
Graz, Austria, 26 September - 30 September 2022
School
Event date: 26 September to 30 September 2022
Singapore, Singapore, 14 December - 16 December 2022
Event Calendar
Event date: 14 December to 16 December 2022
Submission deadline: 25 July 2022
Notification: 5 September 2022
UCLouvain Crypto Group, Louvain-la-Neuve, Belgium
Job Posting

The UCLouvain Crypto Group is recruiting Ph.D. students willing to undertake a thesis in cryptography. The Ph.D. thesis will take place in the dynamic research environment of the group at UCLouvain (Louvain-la-Neuve, Belgium), in collaboration with other Ph.D. students, post-doctoral researchers and professors working on various aspects of cryptography.

The candidates should hold a master or engineering degree in mathematics, computer science or electronics, with strong interest in cryptography and security. A preliminary background in cryptography is useful, but not mandatory. The researcher will be hired for a one-year contract that can be renewed up to three times.

Several positions are open, in various subfields of cryptography, including verifiable computation, privacy-preserving technologies and leakage resilient cryptography.

Closing date for applications:

Contact: Candidates are invited to send a resume and motivation letter to Pr. Olivier Pereira, Pr. Francois-Xavier Standaert, Pr. Thomas Peters and Dr. Francois Koeune (email format: first name dot last name at uclouvain.be).

IMDEA Software Institute, Madrid, Spain
Job Posting

Applications are invited for a research intern position at the IMDEA Software Institute, Madrid, Spain.

Selected candidates will work under the supervision of Marco Guarnieri (https://mguarnieri.github.io).

The internship will focus on security at the hardware-software interface. The specific topic of the research will be determined based on the common interests of the candidate and the supervisor.

Who should apply?

Ideal candidates should be final year master students in Computer Science, Computer Engineering, or Mathematics with an interest in the aforementioned research topic. Experience in the following areas is a plus: (a) Computer Security, (b) Testing and Fuzzing, (c) Computer architectures, (d) Program analysis and verification, (e) Formal methods and logics. Solid programming skills will be highly valued. The position requires good teamwork and communication skills, including excellent spoken and written English.

Dates

The internship duration is intended to be for 4-6 months (with some flexibility). The ideal starting period is from September 2022. Deadline for applications is July 15th, 2022. Review of applications will begin immediately, and continue until the positions are filled.

How to apply?

Applicants interested in the position should submit their application at https://careers.software.imdea.org/ selecting option 7 - Internship and reference code 2022-06-intern-uarchsec.

Closing date for applications:

Contact: Marco Guarnieri (marco dot guarnieri at imdea dot org)

More information: https://software.imdea.org/open_positions/2022-06-intern-uarchsec.html

IMDEA Software Institute, Madrid, Spain
Job Posting

Applications are invited for one PhD student position at the IMDEA Software Institute, Madrid, Spain.

Selected candidates will work under the supervision of Marco Guarnieri (https://mguarnieri.github.io).

The PhD position is in system security with a focus on security at the hardware-software interface. The specific topic of the research will be determined based on the common interests of the candidate and the supervisor.

Who should apply?

Ideal candidates have earned (or are in their last year of) a Master's degree in Computer Science, Computer Engineering, or Mathematics, with experience in at least one of the following areas: (a) Computer Security, (b) Testing and Fuzzing, (c) Computer architectures, (d) Program analysis and verification, (e) Formal methods and logics.

Solid programming skills will be highly valued. The position requires good teamwork and communication skills, including excellent spoken and written English.

Dates

The duration of the position is intended to be for the duration of the doctoral studies. The ideal starting period is from September 2022. Deadline for applications is July 15th, 2022. Review of applications will begin immediately, and continue until the positions are filled.

How to apply?

Applicants interested in the position should submit their application at https://careers.software.imdea.org/ selecting option 5 - PhD Student and reference code 2022-06-phd-uarchsec.

Closing date for applications:

Contact: Marco Guarnieri (marco dot guarnieri at imdea dot org)

Université Jean Monnet, Saint-Etienne, France
Job Posting
Ph.D. student

Université de Lyon, Université Jean Monnet, Saint-Etienne, France

The Embedded System Security Group at University Jean Monnet (Saint-Etienne, France) is looking for motivated PhD students. We are looking for candidates to work on the protection of implementations against physical attacks. This project aims to develop side-channel attacks and fault attacks against lightweight block ciphers and propose tailored countermeasures.

Your tasks:

  • Research in the field of physical attacks
  • Possible teaching to the extent of 4 hours a week

Your profile:

  • Master's degree in Computer Science, Mathematics, electronics, or a related area by the time of appointment.
  • Interest in the areas of cryptography and IT security.
  • Fluency in English (written and spoken).
  • Knowledge of French is not mandatory.

If you are interested, please send an email including your detailed CV to vincent.grosso@univ-st-etienne.fr. Applications will be reviewed continuously until the position is filled.

Closing date for applications:

Contact: Vincent Grosso: vincent.grosso@univ-st-etienne.fr

The Institute for Logic, Language and Computation, University of Amsterdam
Job Posting
Do you have a PhD and are you interested in researching the law and regulation of cybersecurity, and in combining this with insights from ethics and economics? If you are excited about doing this kind of research in an interdisciplinary environment, with a team of friendly and enthusiastic colleagues, and with partners from the financial and governmental sectors, then you may want to join us. The Institute for Logic, Language and Computation and the Institute for Information Law at the University of Amsterdam are looking for an ambitious postdoctoral candidate. Your research is part of the NWO-funded research project Quantum Impact on Societal Security.

Closing date for applications:

Contact: s.deharo@uva.nl

More information: https://www.illc.uva.nl/NewsandEvents/News/Positions/newsitem/13758/Postdoctoral-Researcher-in-the-Regulation-of-Quantum-Safe-Technology

University College Cork, Ireland
Job Posting
The Security Group at University College Cork (UCC) is seeking a PhD student to work on the project “Adaptive Privacy-preservation in the Internet of Things”.

By interconnecting everyday devices and objects that were previously offline, the Internet of Things (IoT) enables data to flow from and to them, making them “smart”. However, remote connectivity also introduces significant risks for the security of the devices, and the privacy of the data being exchanged. The protection of this sensitive information requires the adoption of complex security and privacy mechanisms, including advanced encryption and anonymization techniques, such as homomorphic encryption and differential privacy. These mechanisms, however, often impose a significant overhead in terms of computational costs on constrained IoT devices. The goal of the project is to develop a framework for adaptive privacy preservation in IoT devices, providing the tools to select and calibrate privacy-enhancing technologies to suit the constraints of IoT platforms and devices, while maximizing privacy protection.

The student will join the thriving Security Group at UCC, where several PhDs and PostDocs carry out related research. The project is a collaboration between UCC (host organization) and MTU, and part of CONNECT - Centre for Future Networks & Communications, a major Science Foundation Ireland research initiative. The PhD student will work under the supervision of the Principal Investigator, Dr. Paolo Palmieri, and co-Investigator Dr. Hazel Murray (MTU).

Candidates should have a background/strong interest in security and privacy, and a good grasp of mathematics. Previous experience in cryptography is an asset, but is not required. Applicants should hold a good BSc or MSc degree in computer science, computer engineering, mathematics, or a related subject.

The position is fully funded, including an annual stipend of €18,500 for up to four years and a contribution towards tuition fees. As part of the project, a travel budget is available to present at international conferences and to collaborate with other research groups.

Closing date for applications:

Contact: Informal inquiries can be made to Dr. Paolo Palmieri: p.palmieri@cs.ucc.ie

Applications should be submitted on-line at the link above (https://ucc.qualtrics.com/jfe/form/SV_9KOs25IaXJJcVb8).

Open until filled, but applications received by July 10 will be prioritized.

More information: https://ucc.qualtrics.com/jfe/form/SV_9KOs25IaXJJcVb8


29 June 2022

Technology Innovation Institute (TII) - Abu Dhabi, UAE
Job Posting

Technology Innovation Institute (TII) is a publicly funded research institute, based in Abu Dhabi, United Arab Emirates. It is home to a diverse community of leading scientists, engineers, mathematicians, and researchers from across the globe, transforming problems and roadblocks into pioneering research and technology prototypes that help move society ahead.

Cryptography Research Centre

Position: Cryptanalyst - Constraint Solving

  • Tweak your favorite constraint solving tools to perform cryptanalysis tasks
  • Study how to leverage machine learning techniques in the context of constraint solvers
  • Analyze, evaluate and target any weaknesses in security systems, which range from single crypto-primitives to entire protocols, from classical ciphers to the newest lightweight or post-quantum schemes
  • Develop mathematical and statistical models to analyze and solve security data problems
  • Collaborate with skillful software, hardware, and telecommunication engineers
  • Work with the latest software and test your code on state-of-the-art High-Performance Devices
  • Conduct research in theoretical and practical cryptanalysis
  • Attend personalized in-house trainings with top cryptographers and international conferences and workshops

Skills required for the job

  • PhD degree in Cryptography, Applied Cryptography, Information Theory and Mathematics, Computer Science or any relevant Engineering degree
  • Extensive experience in constraint programming (SAT, SMT, Linear Programming, Constraint Programming)
  • Experience in theoretical and practical cryptanalysis
  • Valuable publications in the field of cryptanalysis and/or constraint programming (SAT, SMT, Linear Programming, Constraint Programming)
  • Extensive experience developing in various programming languages, and use of high-performance devices (CPU, GPU, TPU)

Closing date for applications:

Contact:

Mehdi Messaoudi - Talent Acquisition Manager
Email: mehdi.messaoudi@tii.ae

Technology Innovation Institute (TII) - Abu Dhabi, UAE
Job Posting

Technology Innovation Institute (TII) is a publicly funded research institute, based in Abu Dhabi, United Arab Emirates. It is home to a diverse community of leading scientists, engineers, mathematicians, and researchers from across the globe, transforming problems and roadblocks into pioneering research and technology prototypes that help move society ahead.

Cryptography Research Centre

The position is in the asymmetric cryptanalysis team. The team currently consists of five senior researchers (post docs) and one PhD student. We cover a broad range of expertise in post-quantum cryptanalysis with experts on multivariate-, lattice-, and code-based systems. We are currently looking to support the team particularly on the coding side by a Code-based Cryptanalysis Expert.

  • Conduct research in the field of asymmetric cryptanalysis, especially regarding post-quantum secure systems with a strong focus on code-based systems
  • Contribute to the NIST standardization process
  • Publish in top tier conferences and journals
  • Participate in practical cryptanalysis projects and public cryptographic challenges
  • Develop mathematical and statistical models to analyze and solve security data problems
  • Collaborate with a skillful team of software, hardware, and telecommunication engineers
  • Work with the latest software and test your code on state-of-the-art High-Performance Devices
  • Attend personalized in-house trainings with top cryptographers and international conferences and workshops

Skills required for the job

  • PhD degree in Cryptography, Applied Cryptography, Information Theory and Mathematics, Computer Science or any relevant Engineering degree
  • Strong background in coding theory and/or code-based cryptography
  • Extensive experience in theoretical and/or practical cryptanalysis
  • Valuable publications in the field of cryptanalysis
  • Extensive experience in performing side-channel attacks
  • Extensive experience developing in various programming languages (preferably C / C++, CUDA, python)
  • A passion for solving complex puzzles

Closing date for applications:

Contact:
Mehdi Messaoudi - Talent Acquisition Manager
Email: mehdi.messaoudi@tii.ae

Universität Mannheim, Germany
Job Posting
The School of Business Informatics and Mathematics at the University of Mannheim has a job opening for an Assistant Professor (W1) for Responsible AI for an initial period of three years. After a positive evaluation, an extension for another three years is possible.

AI is increasingly interacting with society. This gives rise to numerous ethical issues, which should be addressed both in research and teaching by this junior professorship. The successful candidate is expected to develop the research field of Responsible AI within computer science and to advance it in exchange with the existing chairs of the institute. We are looking for candidates who are particularly qualified in at least one of the following areas:

  • Trustworthy and explainable AI
  • Privacy and AI
  • AI and Fairness
  • Human-AI Interaction
  • AI regulation and certification
  • Social implications of AI use

Please send your application with the usual documents (curriculum vitae, list of publications, information on previous teaching and research activities, course evaluations, your three most important publications as well as copies of your certificates and references) with the keyword "Juniorprofessur Responsible AI" in paper form or as pdf files by e-mail (bewerbung.wim@uni-mannheim.de) by 15.07.2022.

Closing date for applications:

Contact: Universität Mannheim
Dean of the School of Business Informatics and Mathematics at the University of Mannheim
Dr. Bernd Lübcke
B6,26 - 68131 Mannheim
E-Mail: bewerbung.wim@uni-mannheim.de

More information: https://drive.google.com/file/d/1nn4ncxKEitXtqGlTi5wVCaf17C_pLOn_/view?usp=sharing