International Association for Cryptologic Research

IACR News

06 December 2022

Linus Backlund, Kalle Ngo, Joel Gärtner, Elena Dubrova
ePrint Report
Shuffling is a well-known countermeasure against side-channel analysis. It typically uses the Fisher-Yates (FY) algorithm to generate a random permutation which is then utilized as the loop iterator to index the processing of the variables inside the loop. The processing order is scrambled as a result, making side-channel analysis more difficult. Recently, a side-channel attack on a masked and shuffled implementation of Saber requiring 61,680 power traces to extract the secret key was reported. In this paper, we present an attack that can recover the secret key of Saber from 4,608 traces. The key idea behind the 13-fold improvement is to recover FY indexes directly, rather than by extracting the message Hamming weight and bit flipping, as in the previous attack. We capture a power trace during the execution of the decapsulation algorithm for a given ciphertext, recover FY indexes 0 and 255, and extract the corresponding two message bits. Then, we modify the ciphertext to cyclically rotate the message, capture a power trace, and extract the next two message bits with FY indexes 0 and 255. In this way, all message bits can be extracted. By recovering messages contained in k ∗ l chosen ciphertexts constructed using a new method based on error-correcting codes with length l, where k is the security level, we recover the long term secret key. To demonstrate the generality of the presented approach, we also recover the secret key from a masked and shuffled implementation of CRYSTALS-Kyber, which NIST recently selected as a new public-key encryption and key-establishment algorithm to be standardized.
Cas Cremers, Charlie Jacomme, Eyal Ronen
ePrint Report
Modern attestation based on Trusted Execution Environments (TEEs) can significantly reduce the risk of secret compromise by attackers, while allowing users to authenticate across various services. However, this has also made TEEs a high-value attack target, driving an arms race between novel compromise attacks and continuous TEEs updates. Ideally, we would like to ensure that we achieve Post-Compromise Security (PCS): even after a compromise, we can update the TEE into a secure state. However, at the same time, we would like the privacy of users to be respected, preventing providers (such as Intel, Google, or Samsung) or services from tracking users. In this work, we develop TokenWeaver, the first privacy-preserving post-compromise secure attestation method with automated formal proofs for its core properties. We base our construction on weaving together two types of token chains, one of which is linkable and the other is unlinkable. We provide the full formal models, including protocol, security properties, and proofs for reproducibility, as well as a proof-of-concept implementation in python that shows the simplicity and applicability of our solution.
Ron Steinfeld, Amin Sakzad, Muhammed F. Esgin, Veronika Kuchta
ePrint Report
We introduce the first candidate lattice-based Designated Verifier (DV) ZK-SNARK protocol with \emph{quasi-optimal proof length} (quasi-linear in the security/privacy parameter), avoiding the use of the exponential smudging technique. Our ZK-SNARK also achieves significant improvements in proof length in practice, with proofs length below $6$ KB for 128-bit security/privacy level. Our main technical result is a new regularity theorem for `private' re-randomization of Module LWE (MLWE) samples using discrete Gaussian randomization vectors, also known as a lattice-based leftover hash lemma with leakage, which applies with a discrete Gaussian re-randomization parameter that is polynomial in the statistical privacy parameter. To obtain this result, we obtain bounds on the smoothing parameter of an intersection of a random $q$-ary SIS module lattice, Gadget SIS module lattice, and Gaussian orthogonal module lattice over standard power of 2 cyclotomic rings, and a bound on the minimum of module gadget lattices. We then introduce a new candidate \emph{linear-only} homomorphic encryption scheme called Module Half-GSW (HGSW), which is a variant of the GSW somewhat homomorphic encryption scheme over modules, and apply our regularity theorem to provide smudging-free circuit-private homomorphic linear operations for Module HGSW.
NUS-Singapore and the University of Sheffield, UK
Job Posting
We are offering fully funded Ph.D. and PostDoc opportunities at NUS-Singapore and the University of Sheffield, UK. The candidates will have opportunities to work in both Singapore and Sheffield (UK).

Requirements for Ph.D. Position
  • Completed Master’s degree (or equivalent) at a top university in information security, computer science, applied mathematics, electrical engineering, or a similar area
  • Research experience (such as publishing papers as a first author in reputable venues)
  • Self-motivated, reliable, creative, can work in a team and want to do excellent research on challenging scientific problems with practical relevance

Requirements for Postdoc Position
  • Completed PhD degree (or equivalent) at a top university in IT security, computer science, applied mathematics, electrical engineering, or a similar area
  • Publications at top venues (CORE rank A*/A) for information security/applied cryptography (e.g., TDSC, TIFS, WISEC, NDSS, USENIX SEC), ideally on security protocols and secure computation
  • Experience in software development, project management and supervising students
  • Self-motivated, reliable, creative, can work in a team and want to do excellent research on challenging scientific problems with practical relevance

How to apply? Please send me your CV with detailed information. For the Postdoc position, please send three of your best papers. Contact: Dr Prosanta Gope (p.gope@sheffield.ac.uk)

Closing date for applications:

Contact: Dr Prosanta Gope (p.gope@sheffield.ac.uk)

Technical University of Darmstadt / Goethe University of Frankfurt
Job Posting
We are offering multiple fully funded positions as Ph.D. students or PostDocs in the project CRYPTOECONOMICS. The CRYPTOECONOMICS project explores the intersection between cryptography and game theory for the use case of decentralized finance. The project will be carried out jointly by researchers in cryptography at TU Darmstadt and algorithmic game theory at Goethe University Frankfurt. As a member of the CRYPTOECONOMICS project, you will conduct research on blockchain technologies and publish/present your results at top venues for research in blockchains, cryptography, IT Security and algorithmic game theory. Topics of particular interest include (but are not limited to):
  • Cryptography for Blockchains and Cryptocurrencies
  • Decentralized Finance
  • Economics and Computation
  • Design and Analysis of Distributed Algorithms
For a PhD position, you hold a Master's degree from a top university with excellent grades in computer science, mathematics, or a similar area. You have a strong mathematical and/or algorithmic/theoretical CS background and are fluent in English. Knowledge of one of the topics mentioned above is a plus. To apply for a PostDoc position, you additionally hold a PhD and have publications at top venues in one of the topics mentioned above (e.g. Crypto, Eurocrypt, TCC, CCS, FC, AFT, STOC, FOCS, SODA, EC, AAAI, IJCAI).

Your application should contain a CV, record of grades, a short motivation letter and at least one contact for a reference letter. Since there are multiple positions available, please indicate in your application whether your main interest lies in cryptography or game theory.

The project is part of the ATHENE national center for IT security and privacy, which is one of Europe’s largest centers for research in IT security. We offer an excellent working environment in the heart of the Frankfurt Metropolitan Area, which is internationally well-known for its high quality of life. The review of applications starts immediately and continues until the positions are filled.

Closing date for applications:

Contact:
Sebastian Faust (office.cac@cysec.de)
Martin Hoefer (mhoefer@em.uni-frankfurt.de)

Virginia Tech, Blacksburg, VA
Job Posting
The Virginia Tech Department of Mathematics anticipates Postdoctoral Associate positions, including one position as the Patricia Ann Caldwell Post-Doctoral Fellow with a start date of August 10, 2023, at our Blacksburg, VA, campus. Apply here: https://careers.pageuppeople.com/968/cw/en-us/job/522806/postdoctoral-associate

Closing date for applications:

Contact: Department of Mathematics (0123) 460 McBryde Hall, Virginia Tech 225 Stanger Street Blacksburg, VA 24061-1026

More information: https://careers.pageuppeople.com/968/cw/en-us/job/522806/postdoctoral-associate#.Y430yuaQ8lg.link

Simula UiB, Bergen, Norway
Job Posting

Simula UiB (https://simula-uib.com) is a research centre in Cryptography and Information Theory located in Bergen, Norway. We are currently looking for an outstanding candidate for a PhD researcher position in the area of symmetric-key cryptography. The successful candidate will work under the supervision of Prof Carlos Cid, towards a PhD degree from the University of Bergen. The research topic will be one of the following:

  • Design and analysis of dedicated symmetric-key ciphers for privacy-preserving mechanisms (e.g. MPC, FHE, ZKP schemes); or,
  • Quantum cryptanalysis of symmetric-key primitives.

We are looking for a candidate who has recently completed, or is about to complete, a master’s degree in cryptography, mathematics, or a closely related field. This is a 4-year position, with the student dedicating 25% of their time to compulsory work related to their research area.

Interested candidates should apply via the link https://www.simula.no/about/job/phd-student-symmetric-key-cryptography . The deadline for application is Sunday 5 February 2023. However, applications will be screened continuously, and we may conclude recruitment as soon as we find the right candidate. The starting date is negotiable.

Closing date for applications:

Contact: For additional enquiries, please contact Carlos Cid (carlos@simula.no)

More information: https://www.simula.no/about/job/phd-student-symmetric-key-cryptography


05 December 2022

Yuan Tian
ePrint Report
Various matrix relations appear widely in data-intensive computations; as a result, their zero-knowledge proofs/arguments (ZKP/ZKA) are naturally required in large-scale private computing applications. In the first part of this paper, we concretely establish efficient zero-knowledge arguments for the linear matrix relation AU = B and the bilinear relation UQV = Y over the residue ring Zm with logarithmic message complexity. We take a direct, matrix-oriented (rather than the usual vector-oriented) approach to such constructions, on the basis of the elegant commitment scheme over the ring recently established by Attema et al. [16]. The constructed protocols are public coin and in the c.r.s. paradigm (the c.r.s. is used only as the public key of the commitment scheme), are suitable for matrices of any size, and outperform the protocols constructed in the usual approach when the number of columns > log(number of rows), with significantly smaller c.r.s., fewer rounds and lower message complexity, particularly for large square matrices. The online computational complexity is almost the same for both approaches. In the second part, on the basis of simulation-sound tag-based trapdoor commitment schemes, we establish a general compiler to transform any public-coin proof/argument protocol into one which is concurrently non-malleable with an unchanged number of rounds and properly increased message and computational complexity. Such enhanced protocols, e.g., the versions compiled from those constructed in the first part of this work, can run in a parallel environment while keeping all their security properties, particularly resisting man-in-the-middle attacks.
Alberto Ibarrondo, Hervé Chabanne, Melek Önen
ePrint Report
We propose a novel privacy-preserving, two-party computation of various distance metrics (e.g., Hamming distance, Scalar Product) followed by a comparison with a fixed threshold, which is known as one of the most useful and popular building blocks for many different applications including machine learning, biometric matching, etc. Our solution builds upon recent advances in functional secret sharing and makes use of an optimized version of arithmetic secret sharing. Thanks to this combination, our new solution named Funshade is the first to require only one round of communication and two ring elements of communication in the online phase, outperforming all prior state-of-the-art schemes while relying on lightweight cryptographic primitives. Lastly, we implement the solution from scratch in Python using efficient C++ blocks, testifying to its high performance.
Wei Dai, Tatsuaki Okamoto, Go Yamamoto
ePrint Report
Adaptor signatures have seen wide applications in layer-2 and peer-to-peer blockchain applications such as atomic swaps and payment channels. We first identify two shortcomings of previous literature on adaptor signatures. (1) The current aim of “script-less” adaptor signatures restricts instantiability, limiting designs based on BLS or current NIST PQC candidates. (2) We identify gaps in current formulations of security. In particular, we show that current notions do not rule out a class of insecure schemes. Moreover, a natural property concerning the on-chain unlinkability of adaptor signatures has not been formalized. We then address these shortcomings by providing new and stronger security notions, as well as new generic constructions from any signature scheme and hard relation.

On definitions:
  1. We develop security notions that strictly imply previous notions.
  2. We formalize the notion of unlinkability for adaptor signatures.
  3. We give modular proof frameworks that facilitate simpler proofs.

On constructions:
  1. We give a generic construction of adaptor signatures from any signature scheme and any hard relation, showing that, theoretically, (linkable) adaptor signatures can be constructed from any one-way function.
  2. We also give an unlinkable adaptor signature construction from any signature scheme and any strongly random-self-reducible relation, which we show instantiations of using DL, RSA, and LWE.
Ian Black, Emma McFall, Juliet Whidden, Bryant Xie, Ryann Cartor
ePrint Report
E-voting offers significant potential savings in time and money compared to current voting systems. Unfortunately, many current e-voting schemes are susceptible to quantum attacks. In this paper, we expand upon EVOLVE, an existing lattice-based quantum-secure election scheme introduced by Pino et al. We are able to make these expansions by extending the dimensions of the voter's ballot and creating additional proofs, allowing for applicability to realistic election schemes. Thus, we present our system of schemes, called EVOLVED (Electronic Voting from Lattices with Verification and Extended Dimensions). We present schemes for numerous different types of elections including Single-Choice Voting, Borda Count, and Instant Runoff.
Mastooreh Salajegheh, Shashank Agrawal, Maliheh Shirvanian, Mihai Christodorescu, Payman Mohassel
ePrint Report
Today, authentication faces the trade-off of security versus usability. Two-factor authentication, for example, is one way to improve security at the cost of requiring user interaction for every round of authentication. Most 2FA methods are bound to the user's phone and fail if the phone is not available. We propose CoRA, a Collaborative Risk-aware Authentication method that takes advantage of any and many devices that the user owns. CoRA increases security, and preserves usability and privacy, by using threshold MACs and by tapping into the knowledge of the devices instead of requiring user knowledge or interaction. Using CoRA, authentication tokens are generated collaboratively by multiple devices owned by the user, and the token is accompanied by a risk factor that indicates the reliability of the token to the authentication server. CoRA relies on a device-centric trust assessment to determine the relative risk factor and on threshold cryptography to ensure no single point of failure. CoRA does not assume any secure element or physical security for the devices. In this paper, we present the architecture and security analysis of CoRA. In an associated user study we discover that 78% of users have at least three devices with them at most times, and 93% have at least two, suggesting that deploying CoRA multi-factor authentication is practical today.
Chris Monico
ePrint Report
In [1], a novel cryptographic key exchange technique was proposed using the plactic monoid, based on the apparent difficulty of solving division problems in that monoid. Specifically, given elements c, b in the plactic monoid, the problem is to find q for which qb = c, given that such a q exists. In this paper, we introduce a metric on the plactic monoid and use it to give a probabilistic algorithm for solving that problem which is fast for parameter values in the range of interest.
Sourav Das, Zhuolun Xiang, Ling Ren
ePrint Report
The $q$-Strong Diffie-Hellman ($q$-SDH) parameters are foundational to efficient constructions of many cryptographic primitives such as zero-knowledge succinct non-interactive argument of knowledge, polynomial/vector commitments, verifiable secret sharing, and randomness beacon. The only existing method to generate these parameters securely is highly sequential, requires strong network synchrony assumptions, and has very high communication and computation cost. For example, to generate parameters for any given $q$, each party incurs a communication cost of $\Omega(nq)$ and requires $\Omega(n)$ rounds. Here $n$ is the number of parties in the secure multiparty computation protocol. Since $q$ is typically large, i.e., on the order of billions, the cost is highly prohibitive.

In this paper, we present Tauron, a distributed protocol to generate $q$-SDH parameters in an asynchronous network. In a network of $n$ parties, Tauron tolerates up to one-third of malicious parties. Each party incurs a communication cost of $O(q + n^2\log q)$ and the protocol finishes in $O(\log q + \log n)$ expected rounds. We provide a rigorous security analysis of our protocol. We implement Tauron and evaluate it with up to 128 geographically distributed parties. Our evaluation illustrates that Tauron is highly scalable and results in a 2-6$\times$ better runtime and 4-13$\times$ better per-party bandwidth usage.
Kyoto, Japan, 19 June - 22 June 2023
Event Calendar
Event date: 19 June to 22 June 2023
Submission deadline: 15 March 2023
Notification: 19 April 2023
Melbourne, Australia, 10 July 2023
Event Calendar
Event date: 10 July 2023
Submission deadline: 30 January 2023
Notification: 15 March 2023
Mysten Labs
Job Posting
Mysten Labs believes that decentralized and open protocols are the bedrock of the internet of value. This is why at Mysten Labs, we are creating foundational infrastructure to accelerate the adoption of decentralized protocols based on blockchain technologies. Research internships at Mysten Labs provide a dynamic environment for research careers along with a number of industry-leading scientists and engineers. Our researchers and engineers pursue innovation in a range of scientific and technical disciplines to help solve complex challenges across the whole stack, from networking and systems to cryptography and consensus protocols. We are searching for Ph.D. students with a strong research background and an interest in blockchain technology. Some areas of research interest are distributed and concurrent systems, cryptography, security, distributed computing, incentives, and mechanism design. Research internships are available in all areas of research and are offered year-round, though they will begin in the summer of 2023.

What You'll Do:
  • Pursue applied and fundamental research
  • Work with the engineering team on technical research problems
  • Contribute to academic publications and blog posts

Our Ideal Candidate Will Have:
  • Enrolled in a Ph.D. program in Computer Science, or related technical field.
  • Understanding of theoretical and practical aspects of secure distributed systems and/or cryptography.
  • Passionate to participate in the next generation of Web3 technology
  • Experienced technical writer and familiar with publishing in peer-reviewed conferences and journals.

Closing date for applications:

Contact: Andrew St.Germain

More information: https://jobs.ashbyhq.com/mystenlabs/68644b6d-879b-4573-9310-29b2aba114f1

Mysten Labs
Job Posting
Mysten Labs believes that decentralized and open protocols are the bedrock of the internet of value. This is why at Mysten Labs, we are creating foundational infrastructure to accelerate the adoption of decentralized protocols based on blockchain technologies. Research internships at Mysten Labs provide a dynamic environment for research careers along with a number of industry-leading scientists and engineers. Our researchers and engineers pursue innovation in a range of scientific and technical disciplines to help solve complex challenges across the whole stack, from networking and systems to cryptography and consensus protocols. We are searching for Ph.D. students with a strong research background and an interest in blockchain technology. Some areas of research interest are distributed and concurrent systems, cryptography, security, distributed computing, incentives, and mechanism design. Research internships are available in all areas of research and are offered year-round, though they will begin in the summer of 2023.

What You'll Do:
  • Pursue applied and fundamental research
  • Work with the engineering team on technical research problems
  • Contribute to academic publications and blog posts

Our Ideal Candidate Will Have:
  • Enrolled in a Ph.D. program in Computer Science, or related technical field.
  • Understanding of theoretical and practical aspects of secure distributed systems and/or cryptography.
  • Passionate to participate in the next generation of Web3 technology
  • Experienced technical writer and familiar with publishing in peer-reviewed conferences and journals.

Closing date for applications:

Contact: Andrew St.Germain

More information: https://jobs.ashbyhq.com/mystenlabs/03e125fe-8f64-4da6-8b2d-267eb4398775

Aztec
Job Posting
Role focus
  • Research techniques to improve both the constant and asymptotic performance of our cryptographic protocols
  • Perform literature reviews to identify new developments that could improve the Prover/Verifier efficiency of our cryptographic protocols (or replace them entirely)
  • Develop security proofs for our ZK-SNARK circuit architectures
  • Liaise with our applied cryptographers to assist them with implementing our cryptographic protocols in software

Required experience
  • PhD-level qualification in cryptography or a related field
  • 4+ combined years of experience in post-PhD cryptographic research in academia and/or industry
  • Lead author in one or more papers in the field of zero-knowledge cryptography
  • Familiarity with algorithms, data structures and basic programming concepts
  • Ability to read and understand software implementations of cryptographic protocols written in C++
  • A penchant for clear and comprehensive documentation
  • Able to provide clear and constructive feedback for more junior cryptographers / applied cryptographers, mentoring where necessary
  • A passion for blockchain, its potential, and what we’re trying to achieve.

Closing date for applications:

Contact: Travis

More information: https://boards.eu.greenhouse.io/aztec/jobs/4098527101

Technical University of Darmstadt, Germany
Job Posting

The Cryptography and Privacy Engineering Group (ENCRYPTO) @Department of Computer Science @Technical University of Darmstadt offers a full position for a Postdoctoral Researcher in Cryptography & Privacy Engineering, available immediately and initially until 31.1.2025.

Our mission is to demonstrate that privacy can be efficiently protected in real-world applications via cryptographic protocols.

TU Darmstadt is a top research university for IT security, cryptography and computer science in Europe. The position is based in the City of Science Darmstadt, which is very international, livable and well-connected in the Rhine-Main area around Frankfurt. Knowledge of German is helpful, but not required, and TU Darmstadt offers a Welcome Center and language courses.

Job description

As postdoc @ENCRYPTO, you conduct research, build prototype implementations, and publish and present the results at top venues. You are involved in project management and teaching, co-advise PhD students, and supervise thesis students & student research assistants. The position is co-funded by the ERC Starting Grant “Privacy-preserving Services on the Internet” (PSOTI), in which we build privacy-preserving services on the Internet; this includes designing protocols for privately processing data among untrusted service providers using secure multi-party computation and implementing a scalable framework.

Your profile
  • Completed PhD degree (or equivalent) at a top university in IT security, computer science, applied mathematics, electrical engineering, or a similar area
  • Publications at top venues (CORE rank A*/A) for IT security/applied cryptography (e.g., EUROCRYPT, S&P, CCS, NDSS, USENIX SEC), ideally on cryptographic protocols and secure computation
  • Experience in software development, project management and supervising students
  • Self-motivated, reliable, creative, can work in a team, and want to do excellent research on challenging scientific problems with practical relevance
  • The working language at ENCRYPTO is English, so you must be able to discuss/write/present scientific results in English.

Closing date for applications:

Contact: Thomas Schneider (application@encrypto.cs.tu-darmstadt.de)

More information: https://encrypto.de/POSTDOC
