International Association
for Cryptologic Research

This paper presents the first functional encryption (FE) scheme for the attribute-weighted sum (AWS) functionality that supports the uniform model of computation. In such an FE scheme, encryption takes as input a pair of attributes (x,z) where the attribute x is public while the attribute z is private. A secret key corresponds to some weight function f, and decryption recovers the weighted sum f(x)z. This is an important functionality with a wide range of potential real life applications, many of which require the attribute lengths to be flexible rather than being fixed at system setup. In the proposed scheme, the public attributes are considered as binary strings while the private attributes are considered as vectors over some finite field, both having arbitrary polynomial lengths that are not fixed at system setup. The weight functions are modeled as Logspace Turing machines. Prior schemes [Abdalla, Gong, and Wee, CRYPTO 2020 and Datta and Pal, ASIACRYPT 2021] could only support non-uniform Logspace. The proposed scheme is built in asymmetric prime-order bilinear groups and is proven adaptively simulation secure under the well-studied symmetric external Diffie-Hellman (SXDH) assumption against an arbitrary polynomial number of secret key queries both before and after the challenge ciphertext. This is the best possible level of security for FE as noted in the literature. As a special case of the proposed FE scheme, we also obtain the first adaptively simulation secure inner-product FE (IPFE) for vectors of arbitrary length that is not fixed at system setup. On the technical side, our contributions lie in extending the techniques of Lin and Luo [EUROCRYPT 2020] devised for payload hiding attribute-based encryption (ABE) for uniform Logspace access policies avoiding the so-called “one-use” restriction in the indistinguishability-based security model as well as the “three-slot reduction” technique for simulation-secure attribute-hiding FE for non-uniform Logspace devised by Datta and Pal [ASIACRYPT 2021] to the context of simulation-secure attribute-hiding FE for uniform Logspace.

We provide a $\Sigma$-protocol for proving that two values committed in different groups are equal. We study our protocol in Lyubashevsky's framework "Fiat-Shamir with aborts" (Asiacrypt’09) and offer concrete parameters for instantiating it. We explain how to use it to compose SNARKs with $\Sigma$-protocols, create efficient proofs of solvency on cryptocurrencies, and join of attributes across different anonymous credentials.

We introduce the first decentralized trusted setup protocols for constructing a powers-of-tau structured reference string. Facilitated by a blockchain platform, our protocols can run in a permissionless manner, with anybody able to participate in exchange for paying requisite transaction fees. The result is secure as long as any single party participates honestly. We introduce several protocols optimized for different sized powers-of-tau setups and using an on-chain or off-chain data availability model to store the resulting string. We implement our most efficient protocol on top of Ethereum, demonstrating practical concrete performance numbers.

This paper analyses the lightweight, sponge-based NAEAD mode $\textsf{ISAP}$, one of the finalists of the NIST Lightweight Cryptography (LWC) standardisation project, that achieves high-throughput with inherent protection against differential power analysis (DPA). We observe that $\textsf{ISAP}$ requires $256$-bit capacity in the authentication module to satisfy the NIST LWC security criteria. In this paper, we study the analysis carefully and observe that this is primarily due to the collision in the associated data part of the hash function which can be used in the forgery of the mode. However, the same is not applicable to the ciphertext part of the hash function because a collision in the ciphertext part does not always lead to a forgery. In this context, we define a new security notion, named $\textsf{2PI+}$ security, which is a strictly stronger notion than the collision security, and show that the security of a class of encrypt-then-hash based MAC type of authenticated encryptions, that includes $\textsf{ISAP}$, reduces to the $\textsf{2PI+}$ security of the underlying hash function used in the authentication module. Next we investigate and observe that a feed-forward variant of the generic sponge hash achieves better $\textsf{2PI+}$ security as compared to the generic sponge hash. We use this fact to present a close variant of $\textsf{ISAP}$, named $\textsf{ISAP+}$, which is structurally similar to $\textsf{ISAP}$, except that it uses the feed-forward variant of the generic sponge hash in the authentication module. This improves the overall security of the mode, and hence we can set the capacity of the ciphertext part to $192$ bits (to achieve a higher throughput) and yet satisfy the NIST LWC security criteria.

We introduce a modification of the Russian standardized AEAD MGM mode — an MGM2 mode, for which a nonce is not encrypted anymore before using it as an initial counter value. For the new mode we provide security bounds regarding security notions in the nonce-misuse setting (MRAE-integrity and CPA-resilience). The obtained bounds are even better than the bounds obtained for the original MGM mode regarding standard security notions.

Continuous authentication has been proposed as a complementary security mechanism to password-based authentication for computer devices that are handled directly by humans, such as smart phones. Continuous authentication has some privacy issues as certain user features and actions are revealed to the authentication server, which is not assumed to be trusted. Wei et al. proposed in 2021 a privacy-preserving protocol for behavioral authentication that utilizes homomorphic encryption. The encryption prevents the server from obtaining sampled user features. In this paper, we show that the Wei et al. scheme is insecure regarding both an honest-but-curious server and an active eavesdropper. We present two attacks. The first attack enables the authentication server to obtain the secret user key, plaintext behavior template and plaintext authentication behavior data from encrypted data. The second attack enables an active eavesdropper to restore the plaintext authentication behavior data from the transmitted encrypted data.

We demonstrate that a modification of the classical index calculus algorithm can be used to factor integers. More generally, we reduce the factoring problem to finding an overdetermined system of multiplicative relations in any factor base modulo $n$, where $n$ is the integer whose factorization is sought. The algorithm has subexponential runtime $\exp(O(\sqrt{\log n \log \log n}))$ (or $\exp(O( (\log n)^{1/3} (\log \log n)^{2/3} ))$ with the addition of a number field sieve), but requires a rational linear algebra phase, which is more intensive than the linear algebra phase of the classical index calculus algorithm. The algorithm is certainly slower than the best known factoring algorithms, but is perhaps somewhat notable for its simplicity and its similarity to the index calculus.

Two main secondary constructions of bent functions are the direct and indirect sum methods. We show that the direct sum, under more relaxed conditions compared to those in \cite{PolujanandPott2020}, can generate bent functions provably outside the completed Maiorana-McFarland class ($\mathcal{MM}^\#$). We also show that the indirect sum method, though imposing certain conditions on the initial bent functions, can be employed in the design of bent functions outside $\mathcal{MM}^\#$. Furthermore, applying this method to suitably chosen bent functions we construct several generic classes of homogenous cubic bent functions (considered as a difficult problem) that might posses additional properties (namely without affine derivatives and/or outside $\mathcal{MM}^\#$). Our results significantly improve upon the best known instances of this type of bent functions given by Polujan and Pott \cite{PolujanandPott2020}, and additionally we solve an open problem in \cite[Open Problem 5.1]{PolujanandPott2020}. More precisely, we show that one class of our homogenous cubic bent functions is non-decomposable (inseparable) so that $h$ under a non-singular transform $B$ cannot be represented as $h(xB)=f(y)\oplus g(z)$. Finally, we provide a generic class of vectorial bent functions strongly outside $\mathcal{MM}^\#$ of relatively large output dimensions, which is generally considered as a difficult task.

With the emergence of decentralized systems, spearheaded by blockchains, threshold cryptography has seen unprecedented adoption. Just recently, the trustless distribution of threshold keys over an unreliable network has started to become practical. The next logical step is ensuring the security of these keys against persistent adversaries attacking the system over long periods of time.

In this work, we tackle this problem and give two practical constructions for Asynchronous Proactive Secret Sharing. Our first construction uses recent advances in asynchronous protocols and achieves a communication complexity of $O(n^3)$ where $n$ is the total number of nodes in the network. The second protocol builds upon the first and uses sortition to drive down the communication complexity to $O(c n^2)$. Here, $c$ is a tunable parameter that controls the expected size of the sharing committee chosen using the existing random coin.

Additionally, we identify security flaws in prior work and ensure that our protocols are secure by giving rigorous proofs. Moreover, we introduce a related notion which we term Asynchronous Refreshable Secret Sharing — a functionality that also re-randomizes the secret itself. Finally, we demonstrate the practicability of our constructions by implementing them in Rust and running large-scale, geo-distributed benchmarks.

User attributes can be authenticated by an attribute-based anonymous credential while keeping the anonymity of the user. Most attribute-based anonymous credential schemes are designed specifically for either multi-use or single-use. In this paper, we propose a unified attribute-based anonymous credential system, in which users always obtain the same format of credential from the issuer. The user can choose to use it for an efficient multi-use or single-use show proof. It is a more user-centric approach than the existing schemes. Technically, we propose an interactive approach to the credential issuance protocol using a two-party computation with an additive homomorphic encryption. At the same time, it keeps the security property of impersonation resilience, anonymity, and unlinkability. Apart from the interactive protocol, we further design the show proofs for efficient single-use credentials which maintain the user anonymity.

Radical Semiconductor is reinventing the credit card chip. With more powerful cryptography, custom apps, and ultra-high security, Radical silicon will power cryptocurrency hardware wallets, new financial technologies, and the entire banking ecosystem.

We are looking for highly-skilled, motivated, interdisciplinary, and diverse team members to help us build our very first custom OS, compiler stack, and cryptographic suite to run on our novel hardware. As an engineer in the earliest stages of Radical, your voice will be heard, and your decisions will impact the hardware that will one day end up in everyone’s wallet.

As an applied cryptographer, you will work directly with Radical’s VP of Information Security and CTO to develop a custom instruction set for implementing cryptographic algorithms, construct a compiler and simulator toolchain targeting this instruction set, and implement and optimize cryptographic algorithms using this toolchain. You will work closely with both the hardware and software design teams to create designs that offer high cryptographic agility with a small power and area footprint.

For full details, see our job posting under the "Jobs" tab at the link below.

Closing date for applications:

Contact: For applying, visit the link above. For any questions or hiring recommendations, reach out to katie@radicalsemiconductor.com.

More information: https://jobs.radicalsemiconductor.com

DIMACS, the Center for Discrete Mathematics and Theoretical Computer Science, based at Rutgers University in New Brunswick, New Jersey, USA, seeks a Deputy Director of the Center who would also serve as an Associate or Full Professor in a Rutgers department. Founded in 1989, DIMACS is a thriving consortium of seven universities and six companies. Its mission is to conduct research, catalyze research, and develop educational programs in the computational and mathematical sciences, including artificial intelligence, computing theory (algorithms, combinatorics, complexity), data science, discrete mathematics (geometry, graph theory), machine learning, modeling, optimization, and privacy. Activities often address applications in biology, cyber & physical security, economics, engineering, epidemiology, and sustainability, as well as topics in computer science and math education. The Deputy Director will co-lead the scientific, educational, financial, and administrative aspects of the Center; help guide its vision; further its interdisciplinary traditions; write grants and raise funds; and interact with initiatives across Rutgers and other partners, including DIMACS’s DHS center of excellence. DIMACS has excelled at catalyzing new research and adapting to its partners’ interests; the Deputy Director will contribute leadership in determining such new directions. The Deputy Director will serve a five-year (renewable) term at DIMACS and engage in research, teaching, and service in their home department. The candidate must have a Ph.D. and a strong record of research, academic service, and teaching ability suitable for a tenured faculty appointment in a field such as computer science, mathematics, operations research, or statistics. The ideal candidate’s research will connect to DIMACS’s roots in theoretical computer science and discrete mathematics, while branching to other areas, such as data science, AI, and machine learning. The candidate should have wide interests and demonstrated leadership abilities. A successful record of grant funding is preferred.

Closing date for applications:

Contact: Christine Spassione

More information: https://go.rutgers.edu/dimacsdeputy

We are now seeking an Assistant Professor, Associate Professor or Professor in the field of Information Security. The position is located in the Faculty of Information Technology and Communication Sciences at Tampere University, more specifically in the unit of Computing Sciences. The Network and Information Security group in the unit of Computing Sciences is an active and vibrant research group consisting of 2 professors, 3 lecturers, 4 senior researchers, and around 20 researchers and research assistants made up of postgraduate and graduate students. The core research competencies of the group are hardware-assisted security, privacy, applied cryptography, IoT security, network security, and security usability. We invite applicants with expertise in one or more of the following areas: Hardware Security: Candidates in this area are expected to have a proven track record of excellence in security-focused electrical engineering, signal processing, System-on-Chip design, computer architecture (e.g., RISC-V), hardware-software codesign, and/or digital design research and development. Topics of interest include hardware aspects of system security, side-channel analysis, and/or trusted execution environments. Software Security: Candidates in this area are expected to have a proven track record of excellence in security, privacy, anonymity, and/or crypto-focused software engineering, software assurance, static and dynamic analysis, formal verification, and/or trusted computing research and development. Topics of interest include software architectures, software testing, software aspects of side-channel analysis, trusted application development, and/or application areas such as privacy, anonymity, and/or cryptography. Applied Cryptography: Candidates in this area are expected to have a proven track record of excellence in both practical and theoretical aspects of cryptography research and development. Topics of interest include provable security, differential privacy, functional encryption, privacy-preserving analytics, and/or protocols.

Closing date for applications:

Contact: For more information, please contact: Professor Timo Hämäläinen, Computing Sciences Unit, timo.hamalainen@tuni.fi, tel. +358408490777 With questions related to the recruitment process, please contact HR specialist Meri Pere, meri.pere@tuni.fi.

More information: https://bit.ly/3UG3A2k

Applications are being invited for outstanding early-career scientists (up to eight years after PhD), interested in building their independent research group in the field of Information and Communication Technology at TU Wien. The proposed research area should contribute to the scientific advancement of the ICT field and demonstrate relevance to industry with a strong potential for mid-term technological and societal impact.

The selection follows a two-stage process: In stage one applicants apply for a tenure-track professorship at TU Wien (deadline 15 December 2022). In stage two, applicants apply for a WWTF grant together with a proponent of the applicant’s choice from TU Wien (deadline 15 March 2023).

The 14th Vienna Research Groups for Young Investigators call 2023 (https://wwtf.at/funding/programmes/vrg/#VRG23) is issued for up to three group leader positions as part of the WWTF’s Information and Communication Technology programme. WWTF especially encourages female candidates and takes unconventional research careers into consideration.

The WWTF grant amounts up to EUR 1.6 million for a total of 6-8 years. Successful candidates will be offered an Assistant-Professor position with tenure track at TU Wien.

The new research group will be part of the Security and Privacy research unit (https://secpriv.wien).

The topics of interest include but are not limited

• intersection between machine learning and security & privacy
• usable security
• formal methods for security
• system and network security
• applied cryptography

Apply here: https://jobs.tuwien.ac.at/Job/196427

Closing date for applications:

Contact: Matteo Maffei (first.last@tuwien.ac.at)

More information: https://www.tuwien.at/forschung/vienna-research-group-leader#c18022

The Department of Computer Science at the University of Toronto invites applications for multiple positions with appointment commencing on July 1, 2023, or shortly thereafter. Individuals are encouraged to apply to any and all relevant positions. We are conducting a targeted search in computer security and cryptography, and also have several positions open to all areas of computer science, both at the assistant and at the associate levels. The deadline for applications is January 9, 2023.

Closing date for applications:

Contact: Eitan Grinspun (recruit@cs.toronto.edu)

More information: https://web.cs.toronto.edu/employment-opportunities

We are looking for bright and motivated students who are interested in a graduate degree in cryptography. Several fully funded positions are available.

The cryptography research group at Oregon State University is led by Professors Mike Rosulek & Jiayu Xu. We have research interests in secure multi-party computation, password-based authentication, key agreement, and privacy-enhancing technologies.

Oregon State University is an R1 (high research activity) university, and its cryptography research group is highly rated on csrankings.org. Past graduates of the group have gone on to successful research positions in industry and academia. OSU is located in Corvallis, Oregon, a small college town (population 60k) located near Portland, the Pacific Ocean, and the Cascade Mountain range.

Students should have a BS degree in computer science or closely related technical discipline. A background in theoretical computer science and/or mathematics is preferred but not required.

Deadline for PhD applicants is December 1. Deadline for MS applicants is January 1. Interested students should select the CS degree program, and indicate an interest in the Cybersecurity research group.

For information on how to apply, see https://eecs.oregonstate.edu/academics/graduate/cs . For other questions, email rosulekm@eecs.oregonstate.edu or xujiay@oregonstate.edu

Closing date for applications:

Contact: Mike Rosulek & Jiayu Xu

More information: https://eecs.oregonstate.edu/academics/graduate/cs

Applications are invited for a Post-Doctoral Research Fellow position to conduct research into the design and implementation of practical, robust, and physically secure post-quantum cryptographic architectures. The research will be conducted as part of the collaborative UK Quantum Communications Hub project. Applicants must have at least a 2:1 Honours Degree in Electrical and Electronics Engineering, Computer Science, Mathematics or closely related discipline and a PhD, or expect, within 6 months, to obtain a PhD, in a relevant subject. At least 3 years relevant research experience in one or more of the following is essential: embedded systems design; FPGA or ASIC hardware design. Expertise in post-quantum cryptography and evidence of a strong publication record commensurate with career stage and experience is also essential.

Closing date for applications:

Contact: Dr Ciara Rafferty

More information: https://www.qub.ac.uk/sites/QUBJobVacancies/ResearchJobs/

Extending work leveraging program obfuscation to instantiate random-oracle-based transforms (e.g., Hohenberger et al., EUROCRYPT 2014, Kalai et al., CRYPTO 2017), we show that, using obfuscation and other assumptions, there exist standard-model hash functions that suffice to instantiate the classical RO-model encryption transforms OAEP (Bellare and Rogaway, EUROCRYPT 1994) and Fujisaki-Okamoto (CRYPTO 1999, J. Cryptology 2013) for specific public-key encryption (PKE) schemes to achieve IND-CCA security. Our result for Fujisaki-Okamoto employs a simple modification to the scheme. Our instantiations do not require much stronger assumptions on the base schemes compared to their corresponding RO-model proofs. For example, to instantiate low-exponent RSA-OAEP, the assumption we need on RSA is sub-exponential partial one-wayness, matching the assumption (partial one-wayness) on RSA needed by Fujisaki et al. (J. Cryptology 2004) in the RO model up to sub-exponentiality. For the part of Fujisaki-Okamoto that upgrades public-key encryption satisfying indistinguishability against plaintext checking attack to IND-CCA, we again do not require much stronger assumptions up to sub-exponentiality. We obtain our hash functions in a unified way, extending a technique of Brzuska and Mittelbach (ASIACRYPT 2014). We incorporate into their technique: (1) extremely lossy functions (ELFs), a notion by Zhandry (CRYPTO 2016), and (2) multi-bit auxiliary-input point function obfuscation (MB-AIPO). While MB-AIPO is impossible in general (Brzuska and Mittelbach, ASIACRYPT 2014), we give plausible constructions for the special cases we need, which may be of independent interest.

Multi-party quantum computation (MPQC) allows a set of parties to securely compute a quantum circuit over private quantum data. Current MPQC protocols rely on the fact that the network is synchronous, i.e., messages sent are guaranteed to be delivered within a known fixed delay upper bound, and unfortunately completely break down even when only a single message arrives late.

Motivated by real-world networks, the seminal work of Ben-Or, Canetti and Goldreich (STOC'93) initiated the study of multi-party computation for classical circuits over asynchronous networks, where the network delay can be arbitrary. In this work, we begin the study of asynchronous multi-party quantum computation (AMPQC) protocols, where the circuit to compute is quantum.

Our results completely characterize the optimal achievable corruption threshold: we present an $n$-party AMPQC protocol secure up to $t

Numerous security vulnerability assessment techniques urge precise and fast finite state machines (FSMs) extraction from the design under evaluation. Sequential logic locking, watermark insertion, fault-injection assessment of a System-ona- Chip (SoC) control flow, information leakage assessment, and reverse engineering at gate-level abstraction, to name a few, require precise FSM extraction from the synthesized netlist of the design. Unfortunately, no reliable solutions are currently available for fast and precise extraction of FSMs from the highly unstructured gate-level netlist for effective security evaluation. The major challenge in developing such a solution is precise recognition of FSM state flip-flops in a netlist having a massive collection of flip-flops. In this paper, we propose FSMx-Ultra, a framework for extracting FSMs from extremely unstructured gate-level netlists. FSMx-Ultra utilizes state-of-the-art graph theory concepts and algorithms to distinguish FSM state registers from other registers and then constructs gate-level state transition graphs (STGs) for each identified FSM state register using automatic test pattern generation (ATPG) techniques. The results of our experiments on 14 open-source benchmark designs illustrate that FSMx-Ultra can recover all FSMs quickly and precisely from synthesized gate-level netlists of diverse complexity and size utilizing various state encoding schemes.