International Association
for Cryptologic Research

Additively Homomorphic Encryption (AHE) has been widely used in various applications, such as federated learning, blockchain, and online auctions. Elliptic Curve (EC) based AHE has the advantages of efficient encryption, homomorphic addition, scalar multiplication algorithms, and short ciphertext length. However, EC-based AHE schemes require solving a small exponential Elliptic Curve Discrete Logarithm Problem (ECDLP) when running the decryption algorithm, i.e., recovering the plaintext $m\in\{0,1\}^\ell$ from $m \ast G$. Therefore, the decryption of EC-based AHE schemes is inefficient when the plaintext length $\ell > 32$. This leads to people being more inclined to use RSA-based AHE schemes rather than EC-based ones.

This paper proposes an efficient algorithm called $\mathsf{FastECDLP}$ for solving the small exponential ECDLP at $128$-bit security level. We perform a series of deep optimizations from two points: computation and memory overhead. These optimizations ensure efficient decryption when the plaintext length $\ell$ is as long as possible in practice. Moreover, we also provide a concrete implementation and apply $\mathsf{FastECDLP}$ to some specific applications. Experimental results show that $\mathsf{FastECDLP}$ is far faster than the previous works. For example, the decryption can be done in $0.35$ ms with a single thread when $\ell = 40$, which is about $30$ times faster than that of Paillier. Furthermore, we experiment with $\ell$ from $32$ to $54$, and the existing works generally only consider $\ell \leq 32$. The decryption only requires $1$ second with $16$ threads when $\ell = 54$. In the practical applications, we can speed up model training of existing vertical federated learning frameworks by $4$ to $14$ times. At the same time, the decryption efficiency is accelerated by about $140$ times in a blockchain financial system (ESORICS 2021) with the same memory overhead.

For the fast cryptographic operation, we newly propose a key encapsulation mechanism (KEM) called layered ROLLO-I by using block-wise interleaved ideal LRPC (BII-LRPC) codes. By multiplying random polynomials by small-sized ideal LRPC codes, faster operation can be obtained with an additional key size. Finally, some parameters of the proposed algorithm are suggested and compared with that of the existing ROLLO-I scheme.

Nakamoto's longest-chain consensus paradigm now powers the bulk of the world's cryptocurrencies and distributed finance infrastructure. An emblematic property of longest-chain consensus is that it provides probabilistic settlement guarantees that strengthen over time. This makes the exact relationship between settlement error and settlement latency a critical aspect of the protocol that both users and system designers must understand to make informed decisions. A recent line of work has finally provided a satisfactory rigorous accounting of this relationship for proof-of-work longest-chain protocols, but those techniques do not appear to carry over to the proof-of-stake setting.

This article develops explicit, rigorous settlement bounds for proof-of-stake longest-chain protocols, placing them on equal footing with their proof-of-work counterparts. Our techniques apply with some adaptations also to the proof-of-work setting where they provide improvements to the state-of-the-art settlement bounds for proof-of-work protocols.

Event date: 22 April to 23 April 2023
Submission deadline: 1 March 2023
Notification: 17 April 2023

Event date: 19 July to 21 July 2023
Submission deadline: 26 February 2023

Event date: 23 April to 28 April 2023
Submission deadline: 30 November 2022
Notification: 15 January 2023

The School of Engineering and Technology (SET) at the University of Washington (UW) Tacoma invites applications for a full-time tenure-track Assistant Professor position in the Computer Science and Systems (CSS) program. This full-time position has a nine-month service period beginning September 2023. The successful candidate will pursue a vigorous research agenda while demonstrating passion for teaching. The successful candidate will teach classes at graduate and undergraduate levels, conduct research that complements inquiry within the school, actively participate in university and professional service, while promoting a diverse and inclusive community of faculty, staff, and students. Highly qualified applicants from any area of computer science or related fields will be considered. The CSS program offers bachelors, masters, and doctoral degrees and faculty engage in research in Bioinformatics, Cryptography and Information Security, Data Science and Machine Learning, Distributed Systems (Cloud Computing, Internet of Things, Smart Cities, and Vehicular Networks), GIS, and other areas. The CSS program is within SET at the University of Washington Tacoma, one of three UW campuses. Applications must be submitted electronically to: http://apply.interfolio.com/116931 .

Closing date for applications:

Contact: Questions related to this position are to be directed to the search committee chair, Dr. Wes J. Lloyd, at wlloyd@uw.edu.

More information: http://apply.interfolio.com/116931

Two doctoral positions in cryptography and privacy are open in the Security Group at University College Cork (UCC), Ireland. Both positions are fully funded through research grants.

The first PhD will investigate adaptive privacy-preservation in IoT, and is funded by a Science Foundation Ireland grant (part of the CONNECT Centre). Research work will focus on local differential privacy and homomorphic encryption in IoT settings.
The second PhD will investigate anonymity and privacy of health data, and how they can be securely shared across different European health system. The position is funded by the EU Horizon Europe SECURED project. Research will focus on statistical re-identification attacks on anonymous health datasets. It will also explore privacy-preserving synthetic data generation.

Candidates should have a background/strong interest in security and privacy, as well as a good grasp of mathematics. Previous experience in cryptography is an asset, but is not required. Applicants should hold a good honours undergraduate or Masters degree in computer science, computer engineering, mathematics, or other relevant subject.

The successful applicant will receive a tax-free stipend of €18,500 per annum for up to four years, and tuition fees will be covered by the grant. The Government of Ireland is currently reviewing PhD stipends, and it is likely that the stipend will increase to match inflation.
A research and travel budget is also available to present at international conferences, purchase equipment etc.
The PhDs will work under the supervision of Dr. Paolo Palmieri (and Dr. Hazel Murray, MTU, in the first project). They will join the thriving Security Group at UCC, where several other PhDs and PostDocs are carrying out related research, and will have the opportunity to collaborate with the group extensive network of international collaborations.

Deadline: November 22, but early applications are encouraged

Closing date for applications:

Contact: Please submit your application using the web form at the link above. Please include: a cover letter; an up to date CV; and university transcripts.

E-mail applications will not be considered, but informal inquiries are welcome, and can be sent to Dr. Paolo Palmieri at p.palmieri@cs.ucc.ie

More information: https://ucc.qualtrics.com/jfe/form/SV_dmVI6vyPTRwgs2G

I am searching for outstanding Ph.D. candidates to start in the early months of 2023. The positions will be part of the Coding and Cryptography group at TU/e.

Possible topics fall into the field of provable security with a focus on the construction of efficient cryptographic building blocks and protocols, including

• (post-quantum) secure key exchange and messaging protocols and
  
• (post-quantum) secure digital signatures and public key encryption in realistic security models
  
• impossibility results/lower bounds for provably secure constructions.

The fully-funded positions offer exciting research in a highly international research environment. Candidates from outside of the Netherlands can be eligible for an additional tax reduction scheme.

Requirements:

• a Master's degree (or equivalent) with excellent grades in computer science, mathematics, or IT security.
  
• strong mathematical and/or algorithmic/theoretical CS background.
  
• good knowledge of cryptography and provable security.
  
• good written and verbal communication skills in English (Dutch is not required).

TU/e embraces diversity and inclusion. Therefore, people from all backgrounds are invited to apply, without regard to sex, gender, race, ethnicity, nationality, age, socioeconomic status, identity, visible or invisible disability, religion, or sexual orientation.

To apply, prepare a single PDF file that includes a CV with a course list and grades. The application deadline is December 15th, 2022.

Applications and questions can be directed to s.schage@tue.nl.

Closing date for applications:

Contact: Sven Schäge

More information: https://www.tue.nl/en/research/research-groups/mathematics/discrete-mathematics/coding-theory-and-cryptology/

The Department of Computer Science at the University of York has several PhD studentships available for exceptional Home (UK & Ireland) and Overseas students through the Doctoral Centre for Safe, Ethical and Secure Computing (SEtS).

The Cyber Security and Privacy Research Group at the Department calls for students who are interested in pursuing a PhD in the following topics:

• Security of New and Emerging Networks: including security of Internet of Things (IoT) devices and networks, security and safety in robotics and autonomous systems, security and safety of unmanned aerial vehicles (UAV), and security of underwater networks and communications,
• Usable Security and Privacy: Web measurement to analyse and combat web tracking, developing privacy-enhancing technologies. usable security and privacy, and human factors in cyber security and privacy,
• Applied Cryptography: Design and analysis of provably-secure cryptographic schemes and protocols, especially those that preserve or enhance privacy, and including but not limited to automated formal analysis and mechanisation of proofs of security protocols,
• Malware Analysis and Detection: including different types of malware, such as ransomware and spyware, malware targeting mobile platforms (e.g. Android) or industrial control systems and critical infrastructure,
• Machine Learning for IoT Security: Machine learning techniques for IoT behavioural fingerprinting and attack detection for network security, and
• Privacy-Preserving Machine Learning: Edge based machine learning systems such as federated learning, and how to quantify, control, and manage privacy in such systems.

The available projects are supervised by a combination of faculty members including Dr. Roberto Metere, Dr. Siamak F. Shahandashti, Dr. Vasileios Vasilakis, Dr. Yuchen Zhao, and Dr. Poonam Yadav.

For more information please visit https://docs.google.com/document/d/1VtrNtFG1zy54o0BzymHj56gY--YEw2ch3EG18gnb3Lc

Closing date for applications:

Contact: sets-csp-group@york.ac.uk

More information: https://docs.google.com/document/d/1VtrNtFG1zy54o0BzymHj56gY--YEw2ch3EG18gnb3Lc

The Department of Computer Science is a research-intensive department made up of over 70 academics delivering on-campus programmes to more than 800 students and online courses to over 1500 students. Our vision is to be internationally leading on education and research into engineering safe, ethical and secure computational systems.

The Department of Computer Science is recruiting up to six lecturers to support the development and delivery of our degree programmes at both undergraduate and postgraduate level. This would include the ability to teach across our general range of subjects as well as more specialist modules in their own research area. We are particularly seeking candidates who enhance our existing research groups. Candidates must be able to supervise projects in one or more of the following key areas: Cyber Security, Artificial Intelligence and Data Analysis. We would consider candidates with non-traditional academic backgrounds where they have significant experience of working with, or in, a safety-critical industry.

Closing date for applications:

Contact: For informal enquiries: please contact Prof. Iain Bate at iain.bate@york.ac.uk.

More information: https://jobs.york.ac.uk/vacancy/lecturers-505454.html

The post-quantum cryptography research group at the Department of Software Systems and Cybersecurity, Faculty of Information Technology, Monash University, Australia, has Ph.D. student scholarship openings for research projects funded by our Algorand Centre of Excellence ACE-SIP Program, including in particular the following areas:

1. Post-quantum cryptographic primitives and their practical applications in blockchain protocols.

2. Post-quantum Zero Knowledge Proof and SNARK protocols and their applications for privacy preserving blockchain transactions and smart contracts.

Students will have the opportunity to work in an excellent research environment and collaborate with experts in cryptography and blockchain systems, and with Algorand industry partners.

Monash University is among the leading universities in Australia and is located in Melbourne, ranked as Australia's most liveable city and among the most liveable cities in the world.

Applicants should have (or expected to complete in the next 12 months) a Masters or Honours equivalent qualification with a research thesis, with excellent grades in mathematics, theoretical computer science, cryptography, or closely related areas. They should have excellent English verbal and written communication skills. Programming experience and skills, especially in Sagemath/python/Magma and/or C/C++, are also highly desirable.

Closing date for applications:

Contact: To apply, email ron.steinfeld@monash.edu by 30 Nov 2022 with the subject “Algorand ACE PQC PhD Application” and attach a single pdf with cover letter stating research interests, CV (including qualifications with GPA grades, reference contact details), and ugrad and pgrad transcripts.

More information: http://ace-sip.org/

Hardware Security Research Labs (HECTOR) at North Carolina State University is seeking two PhD student to carry out the research in funded projects on side-channel security and fault injection attacks on cryptography and AI/ML hardware.

To apply for the position, please send the following to aaysu@ncsu.edu :
1) Your detailed CV.
2) Your relevant publications (or pending papers).

Applicants with MS and industry experience will be favored. The projects cover full tuition fee, benefits (including health insurance), and the typical annual stipend in my group is $30k-35k – exceptions can be made for outstanding applicants.

Closing date for applications:

Contact: Dr. Aydin Aysu (aaysu@ncsu.edu)

The application security and cryptography group at the Lucerne School of Information Technology in Rotkreuz, Switzerland has open positions for PhD students and research associates to work on applied cryptography and quantum information projects.

Doctoral Position in Cryptography & Quantum Information (https://recruitingapp-2678.umantis.com/Vacancies/2467/Description/1)

Senior Research Associate Cryptography and Quantum Information (https://recruitingapp-2678.umantis.com/Vacancies/2466/Description/1)

Senior Research Associate Security Software Engineer (https://recruitingapp-2678.umantis.com/Vacancies/2465/Description/1) Candidates should have a strong background in IT security and cryptography and/or good software engineering skills; knowledge in quantum information is advantageous.

Closing date for applications:

Contact: For questions contact Esther Hänggi; applications via the link in the main text

The cryptography group at University of Wuppertal in Germany is offering positions for Ph.D. students and postdoctoral researchers. Our group is working on various topics on the foundations of real-world cryptography.

We are looking for new team members with a strong background in cryptography, theoretical computer science, or mathematics and a very strong interest in topics such as (post-quantum secure) cryptographic protocols, concrete security of real-world cryptosystems, and the possibility and impossibility of formal security proofs for practical cryptosystems.

We offer positions in an active research group with a strong research orientation. All positions are fully funded and equipped with a competitive salary (100% E13), and will remain open until filled. The starting date can be arranged flexibly, in the period from spring to summer 2023.

The city of Wuppertal is centrally located and offers a wide range of attracttions at affordable living costs. Cities such as Cologne, Düsseldorf, Essen and the Ruhr area can be reached in under 30 minutes by public transportation. Wuppertal was listed as one of the 20 best places to visit by CNN Travel in 2020 (https://edition.cnn.com/travel/article/places-to-visit-2020/index.html).

Please contact Tibor Jager or the team members for further information on the positions, the group, or the environment.

Closing date for applications:

Contact: Tibor Jager

More information: https://itsc.uni-wuppertal.de/en/

We construct the most efficient (in the argument size and the verifier's computation) known falsifiable set (non-)membership NIZK $\Pi^*$, where the membership (resp., non-membership) argument consists of only $9$ (resp., $15$) group elements. It also has a universal CRS. $\Pi^*$ is based on the novel concept of determinantal accumulators. Determinantal primitives have a similar relation to recent pairing-based (non-succinct) NIZKs of Couteau and Hartmann (Crypto 2020) and Couteau et al. (CLPØ, Asiacrypt 2021) that structure-preserving primitives have to the NIZKs of Groth and Sahai. $\Pi^*$ is considerably more efficient than known falsifiable based set (non-)membership NIZKs. We also extend CLPØ by proposing efficient (non-succinct) set non-membership arguments for a large class of languages.

At CRYPTO 1994, Cramer, Damg{\aa}rd and Schoenmakers proposed a general method to construct proofs of knowledge (PoKs), especially for $k$-out-of-$n$ partial knowledge, of which relations can be expressed in disjunctive normal form (DNF). Since then, proofs of $k$-out-of-$n$ partial knowledge have attracted much attention and some efficient constructions have been proposed. However, many practical scenarios require efficient PoK protocols for partial knowledge in other forms.

In this paper, we mainly focus on PoK protocols for $k$-conjunctive normal form ($k$-CNF) relations, which have $n$ statements and can be expressed as follows: (i) $k$ statements constitute a clause via ``OR'' operations, and (ii) the relation consists of multiple clauses via ``AND'' operations. We propose an alternative Sigma protocol (called DAG-$\Sigma$ protocol) for $k$-CNF relations (in the discrete logarithm setting), by converting these relations to directed acyclic graphs (DAGs). Our DAG-$\Sigma$ protocol achieves less communication cost and smaller computational overhead compared with Cramer et al.'s general method.

Threshold ring signatures are digital signatures that allow $t$ parties to sign a message while hiding their identity in a larger set of $n$ users called ''ring''. Recently, Aranha et al. [PKC 2022] introduced the notion of \emph{extendable} threshold ring signatures (ETRS). ETRS allow one to update, in a non-interactive manner, a threshold ring signature on a certain message so that the updated signature has a greater threshold, and/or an augmented set of potential signers. An application of this primitive is anonymous count me in. A first signer creates a ring signature with a sufficiently large ring announcing a proposition in the signed message. After such cause becomes \emph{public}, other parties can anonymously decide to support that proposal by producing an updated signature. Crucially, such applications rely on partial signatures being posted on a \emph{publicly accessible} bulletin board since users may not know/trust each other.

In this paper, we first point out that even if anonymous count me in was suggested as an application of ETRS, the anonymity notion proposed in the previous work is insufficient in many application scenarios. Indeed, the existing notion guarantees anonymity only against adversaries who just see the last signature, and are not allowed to access the ''full evolution" of an ETRS. This is in stark contrast with applications where partial signatures are posted in a public bulletin board. We therefore propose stronger anonymity definitions and construct a new ETRS that satisfies such definitions. Interestingly, while satisfying stronger anonymity properties, our ETRS asymptotically improves on the two ETRS presented in prior work [PKC 2022] in terms of both time complexity and signature size. Our ETRS relies on extendable non-interactive witness-indistinguishable proof of knowledge (ENIWI PoK), a novel technical tool that we formalize and construct, and that may be of independent interest. We build our constructions from pairing groups under the SXDH assumption.

TinyJAMBU is one of the finalists in the NIST lightweight standardization competition. This paper presents full round practical zero-sum distinguishers on the keyed permutation used in TinyJAMBU. We propose a full round zero-sum distinguisher on the 128- and 192-bit key variants and a reduced round zero-sum distinguisher for the 256-bit key variant in the known-key settings. Our best known-key distinguisher works with $2^{16}$ data/time complexity on the full 128-bit version and with $2^{23}$ data/time complexity on the full 192-bit version. For the 256-bit ver- sion, we can distinguish 1152 rounds (out of 1280 rounds) in the known- key settings. In addition, we present the best zero-sum distinguishers in the secret-key settings: with complexity $2^{23}$ we can distinguish 544 rounds in the forward direction or 576 rounds in the backward direction. For finding the zero-sum distinguisher, we bound the algebraic degree of the TinyJAMBU permutation using the monomial prediction technique proposed by Hu et al. at ASIACRYPT 2020. We model the monomial prediction rule on TinyJAMBU in MILP and find upper bounds on the degree by computing the parity of the number of solutions.

Various systematic modifications of vectorial Boolean functions have been used for finding new previously unknown classes of S-boxes with good or even optimal differential uniformity and nonlinearity. Recently, a new method was proposed for modification a component of a bijective vectorial Boolean function by using a linear function. It was shown that the modified function remains bijective under the assumption that the inverse of the function admits a linear structure. A previously known construction of such a modification based on bijective Gold functions in odd dimension is a special case of this type of modification. In this paper, we show that the existence of a linear structure is necessary. Further, we consider replacement of a component of a bijective vectorial Boolean function in the general case. We prove that a permutation on $\mathbb{F}_2^n$ remains bijective if and only if the replacement is done by composing the permutation with an unbalanced Feistel transformation where the round function is any Boolean function on $\mathbb{F}_2^{n-1}$.