International Association
for Cryptologic Research

Also referred to as the Holy Grail of Cryptography, Fully Homomorphic Encryption (FHE) allows for arbitrary calculations over encrypted data. As a basic use-case, FHE enables a User to delegate a computation over her sensitive data to a semi-trusted Cloud: in such a setup, the User provides her data $x$ encrypted to the Cloud, the Cloud evaluates a function $f$ over the encrypted data without ever decrypting it, and sends the (encrypted) result back to the User, who finally decrypts it and obtains the desired value $f(x)$. However, even after more than twelve years of advances in this field, FHE schemes are still fairly slow in evaluation, therefore any optimization is welcome.

Among existing FHE schemes, in this contribution we focus on the TFHE Scheme by Chillotti et al., which currently achieves the best evaluation times for generic functions. To be instantiated, TFHE however requires an extensive set of parameters. These parameters affect several aspects, including but not limited to the cleartext size, the bit-security level, the probability of errors and also the evaluation time. We propose, implement and evaluate a (semi-)automated approach to generate a set of TFHE parameters with particular respect to the evaluation time, given just the desired security level, cleartext precision, and a parameter that relates to the properties of the evaluated function $f$. With our tool, we re-generate some of the existing TFHE parameters, while achieving up to 39% better execution times in an equivalent setup.

Most cryptographic protocols use cryptographic hash functions as a building block. The security analyses of these protocols typically assume that the hash functions are perfect (such as in the random oracle model). However, in practice, most widely deployed hash functions are far from perfect -- and as a result, the analysis may miss attacks that exploit the gap between the model and the actual hash function used.

We develop the first methodology to systematically discover attacks on security protocols that exploit weaknesses in widely deployed hash functions. We achieve this by revisiting the gap between theoretical properties of hash functions and the weaknesses of real-world hash functions, from which we develop a lattice of threat models. For all of these threat models, we develop fine-grained symbolic models.

Our methodology's fine-grained models cannot be directly encoded in existing state-of-the-art analysis tools by just using their equational reasoning. We therefore develop extensions for the two leading tools, Tamarin and Proverif. In extensive case studies using our methodology, the extended tools rediscover all attacks that were previously reported for these protocols and discover several new variants.

Motivated by new applications such as secure Multi-Party Computation (MPC), Homomorphic Encryption (HE), and Zero-Knowledge proofs (ZK), many MPC-, HE- and ZK-friendly symmetric-key primitives that minimize the number of multiplications over $\mathbb F_p$ for a large prime $p$ have been recently proposed in the literature. These symmetric primitive are usually defined via invertible functions, including (i) Feistel and Lai--Massey schemes and (ii) SPN constructions instantiated with invertible non-linear S-Boxes (as invertible power maps $x\mapsto x^d$). However, the ``invertibility'' property is actually never required in any of the mentioned applications.

In this paper, we discuss the possibility to set up MPC-/HE-/ZK-friendly symmetric primitives instantiated with non-invertible weak bijective functions. With respect to one-to-one correspondence functions, any output of a weak bijective function admits at most two pre-images. The simplest example of such function is the square map over $\mathbb F_p$ for a prime $p\ge 3$, for which $x^2 = (-x)^2$. When working over $\mathbb F_p^n$ for $n\gg 1$, a weak bijective function can be set up by re-considering the recent results of Grassi, Onofri, Pedicini and Sozzi as starting point. Given a quadratic local map $F:\mathbb F_p^2 \rightarrow \mathbb F_p$, they proved that the non-linear function over $\mathbb F_p^n$ for $n\ge 3$ defined as $\mathcal S_F(x_0, x_1, \ldots, x_{n-1}) = y_0\| y_1\| \ldots \| y_{n-1}$ where $y_i := F(x_i, x_{i+1})$ is never invertible. Here, we prove that -- the quadratic function $F:\mathbb F_p^2 \rightarrow \mathbb F_p$ that minimizes the probability of having a collision for $\mathcal S_F$ over $\mathbb F_p^n$ is of the form $F(x_0, x_1) = x_0^2 + x_1$ (or equivalent); -- the function $\mathcal S_F$ over $\mathbb F_p^n$ defined as before via $F(x_0, x_1) = x_0^2 + x_1$ (or equivalent) is weak bijective.

As concrete applications, we propose modified versions of the MPC-friendly schemes MiMC, HadesMiMC, and (partially of) Hydra, and of the HE-friendly schemes Masta, Pasta, and Rubato. By instantiating them with the weak bijective quadratic functions proposed in this paper, we are able to improve the security and/or the performances in the target applications/protocols.

We propose the multiple modular subset product with errors problem over unique factorization domains and give search-to-decision reduction as well as average-case-solution to worst-case-solution reduction for it.

Decentralized multi-authority attribute-based encryption (MA-ABE) is a distributed generalization of standard (ciphertext-policy) attribute-based encryption where there is no trusted central authority: any party can become an authority and issue private keys, and there is no requirement for any global coordination other than the creation of an initial set of common reference parameters.

We present the first multi-authority attribute-based encryption schemes that are provably fully-adaptively secure. Namely, our construction is secure against an attacker that may corrupt some of the authorities as well as perform key queries adaptively throughout the life-time of the system. Our main construction relies on a prime order bilinear group where the $k$-linear assumption holds as well as on a random oracle. Along the way, we present a conceptually simpler construction relying on a composite order bilinear group with standard subgroup decision assumptions as well as on a random oracle.

Prior to this work, there was no construction that could resist adaptive corruptions of authorities, no matter the assumptions used. In fact, we point out that even standard complexity leveraging style arguments do not work in the multi-authority setting.

We give a probabilistic polynomial time algorithm for high F_ell-rank subset product problem over the order O_K of any algebraic field K with O_K a principal ideal domain and the ell-th power residue symbol in O_K polynomial time computable, for some rational prime ell.

In this paper we introduce dCommon - auditable and programmable MPC as a service for solving multichain governance coordination problems throughout DeFi and Web3; Along with its on-chain part Common Interest Protocol (CIP) - an autonomous and immutable registry smart contract suite. CIP enables arbitrary business logic for off-chain computations using dCommon’s network/subnetworks with Ethereum smart contracts. In Stakehouse, CIP facilitates a trustless recovery of signing keys and key management for validator owners on demand. The paper elucidates a formal overview of the MPC system cryptography mechanics and its smart contract business logic for the Stakehouse CIP (SH-CIP) application implementation.

It is well-known that the subset product problem is NP-hard. We give a probabilistic polynomial time algorithm for the special case of high F_2-rank.

We give a construction of an efficient one-out-of-many proof system, in which a prover shows that he knows the pre-image for one element in a set, based on the hardness of lattice problems. The construction employs the recent zero-knowledge framework of Lyubashevsky et al. (Crypto 2022) together with an improved, over prior lattice-based one-out-of-many proofs, recursive procedure, and a novel rejection sampling proof that allows to use the efficient bimodal rejection sampling throughout the protocol.

Using these new primitives and techniques, we give instantiations of the most compact lattice-based ring and group signatures schemes. The improvement in signature sizes over prior works ranges between $25\%$ and $2$X. Perhaps of even more significance, the size of the user public keys, which need to be stored somewhere publicly accessible in order for ring signatures to be meaningful, is reduced by factors ranging from $7$X to $15$X. In what could be of independent interest, we also provide noticeably improved proofs for integer relations which, together with one-out-of-many proofs are key components of confidential payment systems.

In this note, we introduce a class of card-based protocols called single-shuffle full-open (SSFO) protocols and show that any SSFO protocol for a function $f: \{0,1\}^n \rightarrow [d]$ using $k$ cards is generically converted to a private simultaneous messages (PSM) protocol for $f$ with $(nk)$-bit communication. As an example application, we obtain an 18-bit PSM protocol for the three-bit equality function from the six-card trick (Heather-Schneider-Teague, Formal Aspects of Computing 2014), which is an SSFO protocol in our terminology. We then generalize this result to another class of protocols which we name single-shuffle single-branch (SSSB) protocols, which contains SSFO protocols as a subclass. As an example application, we obtain an 8-bit PSM protocol for the two-bit AND function from the four-card trick (Mizuki-Kumamoto-Sone, ASIACRYPT 2012), which is an SSSB protocol in our terminology.

It has been half a century since the first several NP-complete problems were discovered by Cook, Karp and Levin in the early 1970s. Till today, thousands of NP-complete problems have been found. Most of them are of combinatorial flavor. We discover new possibilities in purer mathematics and introduce more structures to the theory of computation. We propose a family of abstract problems related to the subset product problem. To describe hardness of abstract problems, we propose a new hardness notion called global-case hardness, which is stronger than worst-case hardness and incomparable with average-case hardness. It is about whether all prespecified subproblems of a problem are NP-hard. We prove that our problems are generally NP-hard in all/a wide range of unique factorization domains with efficient multiplication or all/a wide range of ideal class groups of Dedekind domains with efficient ideal multiplication.

The IT University of Copenhagen is searching a PhD candidate within Machine Learning for Eye Information privacy and security as part of the European Training Network EYES4ICU on Eyes for Information, Communication, and Understanding. The PhD project aims to identify sensitive eye information and develop methods for legal-compliance and safe access control and “private” data control using Eye Information. The goal is to work towards a fully GDPR (General Data Protection Regulation) compliant Eye Information pipeline that balances utility and security for everyday use of Eye information (e.g., such as in schools, and clinical settings).

The successful candidate should have a good background in one or more of the following: machine learning, statistics and computer science. Strong programming and mathematical skills Ideally also have a knowledge of and desire to work with eye tracking, human-machine interfaces, cognitive modelling, security/privacy, federated learning, and cryptographic protocols. You are enthusiastic about traveling for research conferences, PhD schools, and for internships with partners in different countries, e.g., Poland.

Benefits include: a 3-year employment contract with a competitive salary and additional family allowance (if married or having dependent children); access to high quality public education and healthcare in Denmark; budget for work-related travel, books, conferences and workshops etc.; Connections to potential employers in Europe; A rich and versatile PhD program with diverse educational modules, including mentorship, summer and winter schools, workshops... lots of fun!

Closing date for applications:

Contact: Dan Witzner

More information: https://candidate.hr-manager.net/ApplicationInit.aspx?cid=119&ProjectId=181482&DepartmentId=3439&MediaId=1282

Heliax is a public goods lab which researches, develops, deploys, and maintains protocols and mechanisms designed to serve the everyday needs of humanity. Using these protocols and mechanisms, we build vertically integrated products and networks that form coherent open systems which are capable of acting as an alternative to existing exploitative paradigms. Everything produced by Heliax is open-source and unencumbered by any form of IP law. Two of the most notable vertically integrated protocols are Anoma and Namada. Anoma is an intent-centric, privacy-preserving protocol for decentralized counterparty discovery, distributed solving,and atomic multi-chain settlement – a radically novel architecture for decentralized protocols marking the beginning of the third generation of architectures, the first new generation since the introduction of programmable settlement by Ethereum. Namada is Anoma’s first fractal instance: a proof-of-stake Layer 1 blockchain protocol designed to provide users with asset-agnostic, interchain privacy. The key innovations include Zcash-like shielded transfers for any assets (fungible and non-fungible), incentivised privacy sets, and interoperability with Ethereum via a custom bridge and with the Cosmos ecosystem and others via IBC. As components of these vertically integrated protocols, Heliax builds many modular components which can be used independently or jointly, such as the Juvix language, Typhon consensus suite, Taiga private state transition framework, and VampIR polynomial circuit compiler. Heliax is a remote-first (but not remotely-only) team, currently composed of +50 cross-disciplinary members located around the world.

Closing date for applications:

Contact: Christopher Goes - cwgoes@heliax.dev

More information: https://heliax.dev/jobs/zero-knowledge-cryptographer-protocol-developer/

The Department of Combinatorics and Optimization at the University of Waterloo invites applications from qualified candidates for a 1.5-year postdoctoral fellowship appointment in cryptography under the supervision of Prof. Douglas Stebila. Expertise in cryptography is desired, particularly in the areas of cryptographic protocols, post-quantum cryptography, or digital credentials.

A Ph.D. degree and evidence of excellence in research are required. Successful applicants are expected to maintain an active program of research. The annual salary is $60,000. In addition, a travel fund of $3,000 per year is provided. The effective date of appointment is January 1, 2023 – June 30, 2024. However, dates are negotiable.

Interested individuals should apply using the MathJobs site https://www.mathjobs.org/jobs/list/20495. Applications should include a cover letter describing their interest in the position, a curriculum vitae and research statement and at least three reference letters.

Inquiries may be addressed to Douglas Stebila, Associate Professor (dstebila@uwaterloo.ca), Department of Combinatorics and Optimization, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1. The deadline for application is October 15, 2022. Late applications will be considered until the position is filled.

Closing date for applications:

Contact: Douglas Stebila (dstebila@uwaterloo.ca)

More information: https://www.mathjobs.org/jobs/list/20495

The Ying Wu College of Computing (YWCC) at the New Jersey Institute of Technology (NJIT) invites applications for a senior faculty member to serve as the Director of the Institute for Cybersecurity. Candidates must have a PhD in computer science or a related discipline with a demonstrated track record of scholarly accomplishments commensurate with the appointment at the rank of Associate Professor or above. Candidates with doctorates from top worldwide institutions are especially welcome to apply.

The successful candidate will hold a faculty appointment in the department of Computer Science and is expected to lead the creation of the Institute for Cybersecurity, which builds on top of existing research and educational strengths in cybersecurity and will span multiple departments across NJIT. Exceptional organizational and communication skills, financial acumen, and the potential to fundraise are essential. As a faculty member of the Computer Science department, the successful candidate is expected to contribute to the academic life of the department, in terms of education, research and service.

NJIT is a Carnegie R1 Doctoral University (Very High Research Activity), with $166M research expenditures in FY21. The Computer Science Department has 31 tenured/tenure track faculty, with eight NSF CAREER awardees and one DARPA Young Investigator recipient. The department conducts research on real-world grand challenges in computer science and plays a key role in the NJIT Cybersecurity Research Center. The department is designated by the NSA as a National Center for Academic Excellence in Cyber Defense, and it hosts an NSF Scholarship for Service program.

To formally apply for the position, please submit your application at https://academicjobsonline.org/ajo/jobs/22924.

Applications received by December 31, 2022 will receive full consideration. However, applications are welcome until the positions are filled, and will be evaluated as they are received. Contact address for inquiries: cs-faculty-search@njit.edu.

Closing date for applications:

Contact: cs-faculty-search@njit.edu

More information: https://academicjobsonline.org/ajo/jobs/22924

The Computer Science Department at the New Jersey Institute of Technology (NJIT) invites applications for tenure-track faculty positions starting in Fall 2023. We seek applicants whose research focuses on cybersecurity, as well as applicants in other areas of computer science. We aim to hire at the rank of Assistant Professor, but exceptional candidates at higher ranks will also be considered.

Applicants must have a Ph.D. degree by Summer 2023 in a relevant discipline, and outstanding academic credentials that demonstrate their ability to conduct independent world-class research and attract external funding. Candidates with doctorates from top worldwide institutions are especially welcome to apply. NJIT is a Carnegie R1 Doctoral University (Very High Research Activity), with $166M research expenditures in FY21. The Computer Science Department has 31 tenured/tenure track faculty, with eight NSF CAREER awardees and one DARPA Young Investigator recipient. The department conducts research to solve real-world grand challenges in computer science and plays a key role in the NJIT Cybersecurity Research Center.

Applied research, collaboration with industry, innovation and entrepreneurship are encouraged and supported. Performance and tenure expectations are aligned with those of the broader academic computing community, with an emphasis on grant funding and publishing in top conferences and journals, and contributing to our undergraduate and graduate instructional programs.

To formally apply for the position, please submit your application materials at https://academicjobsonline.org/ajo/jobs/22915.

Applications received by December 31, 2022 will receive full consideration. However, applications are welcome until the positions are filled, and will be evaluated as they are received. Contact address for inquiries: cs-faculty-search@njit.edu.

Closing date for applications:

Contact: cs-faculty-search@njit.edu

More information: https://academicjobsonline.org/ajo/jobs/22915

We are hiring a Scientist for the Cryptography team. In this position you will be part of a team developing and implementing cryptographic protocols for encrypted computations. The Cryptography team includes well-known researchers and is a major contributor to the PALISADE and OpenFHE homomorphic encryption libraries.

Requirements:

• PhD in Computer Science, Math, or a related field
• Experience in software development with C++
• Research experience in lattice-based cryptography
• Publications in top-tier conferences

Desired Skills:

• Experience in fully homomorphic encryption
• Experience in secure multiparty computation
• Experience with hardware acceleration of lattice-based cryptography

  Closing date for applications:

  Contact: Yuriy Polyakov, ypolyakov@dualitytech.com

  More information: https://dualitytech.com/careers/cryptography-scientist/

Applications are invited for a postdoctoral research position in distributed cryptography. The researcher will be working on one or more areas from:

• foundational aspects of blockchains
• secure multiparty computation
• cryptographic protocols
• Byzantine fault tolerance
• algorithmic economics and applications to blockchains
• cryptocurrencies and decentralized finance

Applicants are expected to hold a PhD in computer science or related field, and must have published papers at a top-tier venue in cryptography, theoretical computer science, security, blockchain and cryptocurrencies, or distributed computing. Applications that do not satisfy the above will not be considered.

The position will be available starting in Spring 2023 (earlier starting date might also be considered), and remain open until filled.

The Computer Science Department at Purdue University is a top-ranked computer science departments in the US with an outstanding reputation in security and cryptography, and more than 13 faculty whose research focus is in these areas. Purdue is also the home to the Center for Education and Research in Information Assurance and Security (CERIAS), a cross-cutting institute at Purdue University, and the world’s foremost interdisciplinary academic center for cyber and cyber-physical systems, consisting more than a hundred researchers addressing issues of security, privacy, resiliency, trusted electronics, autonomy and explainable artificial intelligence.

The postdoctoral researcher will work under the supervision of Prof. Vassilis Zikas and join the vibrant and rapidly-growing Purdue Blockchain Lab.

To apply, please use the following link: https://forms.gle/GkYXRndZ3yuNQegP9

Closing date for applications:

Contact: Prof. Vassilis Zikas, Purdue University

More information: https://www.cs.purdue.edu/blockchain/index.html

The Department of Combinatorics and Optimization (https://math.uwaterloo.ca/co) in the Faculty of Mathematics at the University of Waterloo invites applications for one tenure-track faculty position at the rank of Assistant Professor. Associate or Full Professors with tenure will be considered in special cases that substantially enhance the reputation of the department.

The focus area for this position is cryptography, and emphasis will be given to candidates in this area. However, stellar candidates in the research areas of algebraic combinatorics, continuous optimization, discrete optimization, and graph theory, who can greatly enhance the research and teaching profile of the department, are also welcome to apply.

A Ph.D. degree and evidence of excellence in research and teaching are required. Successful applicants are expected to maintain an active program of research, to attract and supervise graduate students, and to participate in undergraduate and graduate teaching. The salary range for the position is $105,000 to $155,000. Negotiations beyond this salary range will be considered for exceptionally qualified candidates. The anticipated start date will be July 1, 2023.

Interested individuals should apply using the MathJobs site (https://www.mathjobs.org/jobs/list/20728). Applications should include a curriculum vitae, research and teaching statements, and up to three reprints/preprints. In addition, at least three reference letters should be submitted.

If you have any questions regarding the position, the application process, assessment process, or eligibility, please contact combopt@uwaterloo.ca or Chaitanya Swamy, Chair, Department of Combinatorics and Optimization, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1. The closing date for receipt of applications is December 1, 2022.

For more information and the full job description, please see https://www.mathjobs.org/jobs/list/20728.

Closing date for applications:

Contact: Chaitanya Swamy, Chair, Department of Combinatorics and Optimization

More information: https://www.mathjobs.org/jobs/list/20728

The ECO team (https://www.lirmm.fr/eco/) at LIRMM (CNRS/Univ Montpellier, France) has several post-doc funding of various duration.

Topics include:

• error correcting codes, decoding algorithms, computer algebra and algorithms for coding theory, error correcting codes and lattices. The postdoctoral fellow will join the BARRACUDA project (https://barracuda.inria.fr/fr/)
  Contact : Eleonora Guerrini (eleonora.guerrini@lirmm.fr)
• public-key cryptography, multi-party computation, advanced protocols within the SANGRIA project (https://lip6.fr/Damien.Vergnaud/projects/sangria/) and the SecureCompute (PEPR) project.
  Contact : Fabien Laguillaumie (fabien.laguillaumie@lirmm.fr)

If you are interested, please send an email including your CV and a list of publications.

Closing date for applications:

Contact: Fabien Laguillaumie