International Association for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available via RSS feed, Twitter, Weibo and Facebook.

10 December 2022

Kyoichi Asano, Keita Emura, Atsushi Takayasu
ePrint Report
Identity-based encryption with equality test (IBEET) is a variant of identity-based encryption (IBE), where any users who have trapdoors can check whether two ciphertexts are encryption of the same plaintext. Although several lattice-based IBEET schemes have been proposed, they have drawbacks in either security or efficiency. Specifically, most schemes satisfy only selective security, while adaptively secure schemes in the standard model suffer from large master public keys that consist of linear numbers of matrices. In other words, known lattice-based IBEET schemes perform poorly compared to the state-of-the-art lattice-based IBE schemes (without equality test). In this paper, we propose a semi-generic construction of CCA-secure lattice-based IBEET from a certain class of lattice-based IBE schemes. As a result, we obtain the first lattice-based IBEET schemes with adaptive security and CCA security in the standard model. Furthermore, our semi-generic construction can use several state-of-the-art lattice-based IBE schemes as underlying schemes. Then, we have adaptively secure lattice-based IBEET schemes whose public keys have only poly-log matrices.

09 December 2022

Eindhoven, Netherlands, 10 July - 14 July 2023
Event Calendar
Event date: 10 July to 14 July 2023
Submission deadline: 20 February 2023
Notification: 20 March 2023
Kyoto Prefecture, Japan, 19 June - 22 June 2023
Event Calendar
Event date: 19 June to 22 June 2023
Submission deadline: 15 March 2023
Notification: 19 April 2023
SnT, University of Luxembourg
Job Posting
We are hiring two Ph.D. students to contribute to a research project entitled "Advanced Cryptography for Finance and Privacy (CryptoFin)", which is funded by the Fonds National de la Recherche (FNR) through the CORE program. Candidates with research interests in one or more of the following areas are particularly encouraged to apply:
  • applied or symmetric cryptography
  • cryptofinance, cryptoeconomics, blockchains
  • anonymity and privacy on the Internet
Your Profile
  • M.Sc. degree in Computer Science, Applied Mathematics or a related field
  • GPA of at least 80% in both the bachelor and master studies
  • Strong mathematical and/or algorithmic CS background (math/CS Olympiads, CTFs a plus)
  • Background in applied cryptography, or information security, or economics/finance - a plus
  • Good skills in programming, scripting languages. Math tools - a plus.
  • Commitment, team working and a critical mind
  • Fluent written and verbal communication skills in English
We offer
The University offers a Ph.D. study program with a Fixed Term Contract of up to 3 years, with extension into the 4th year based on performance, on a full-time basis (40hrs/week). The University offers highly competitive salaries and is an equal opportunity employer. You will work in an exciting international environment and will carry out leading-edge research in these rapidly evolving areas, which will have a direct impact on the future.
Application
Applications, written in English, should be submitted online and should include:
  • A very brief cover letter explaining the candidate's motivation and research interests
  • Curriculum Vitae (including photo, education/research, work experience, interests)
  • Transcripts of B.Sc. and M.Sc. grades
  • Information about contributions to open-source projects, participation in research competitions, Olympiads, CTFs, etc.
Deadline for applications: January 6, 2023. Applications will be considered on receipt; therefore, applying before the deadline is encouraged.

Contact: Prof. Alex Biryukov (e-mail: first name dot family name (at) uni.lu)

More information: http://cryptolux.org/index.php/Vacancies

Aalto University, Finland
Job Posting

The Department of Computer Science at Aalto University - in the top 20 young universities worldwide - invites applications for tenure-track positions at the assistant professor level. We welcome applications in all areas of computer science, with a special focus on candidates with expertise in the following areas.

  • Programming languages; Programming methodologies
  • Databases; Data management
  • Software engineering: software systems specification, implementation, validation
  • Operating Systems; Hardware-software interface

Women and others underrepresented in computer science are especially encouraged to apply.

The Department of Computer Science (https://www.aalto.fi/en/department-of-computer-science) is home to world-class research in modern computer science, combining research on foundations and innovative applications. An international community with 46 professors and more than 400 employees from 50 countries, it is the largest department at Aalto University and the largest computer science unit in Finland. The department consistently ranks high in global rankings, for example, the first in Nordic countries and Northeastern Europe and the 73rd overall in Times Higher Education ranking for 2023.

Finland is a great place for living with or without a family: it is a safe and well-organized Nordic society, where equality is highly valued and extensive social security supports people in all situations of life. Finland's free high-quality education system is also internationally renowned.

For more information and the application form visit: https://www.aalto.fi/en/open-positions/assistant-professors-computer-science

The call is open until January 15, 2023.

Contact: Prof. Jussi Rintanen or for recruitment process-related questions HR Partner Laura Kuusisto-Noponen

More information: https://www.aalto.fi/en/open-positions/assistant-professors-computer-science

06 December 2022

Linus Backlund, Kalle Ngo, Joel Gärtner, Elena Dubrova
ePrint Report
Shuffling is a well-known countermeasure against side-channel analysis. It typically uses the Fisher-Yates (FY) algorithm to generate a random permutation which is then utilized as the loop iterator to index the processing of the variables inside the loop. The processing order is scrambled as a result, making side-channel analysis more difficult. Recently, a side-channel attack on a masked and shuffled implementation of Saber requiring 61,680 power traces to extract the secret key was reported. In this paper, we present an attack that can recover the secret key of Saber from 4,608 traces. The key idea behind the 13-fold improvement is to recover FY indexes directly, rather than by extracting the message Hamming weight and bit flipping, as in the previous attack. We capture a power trace during the execution of the decapsulation algorithm for a given ciphertext, recover FY indexes 0 and 255, and extract the corresponding two message bits. Then, we modify the ciphertext to cyclically rotate the message, capture a power trace, and extract the next two message bits with FY indexes 0 and 255. In this way, all message bits can be extracted. By recovering messages contained in k ∗ l chosen ciphertexts constructed using a new method based on error-correcting codes with length l, where k is the security level, we recover the long term secret key. To demonstrate the generality of the presented approach, we also recover the secret key from a masked and shuffled implementation of CRYSTALS-Kyber, which NIST recently selected as a new public-key encryption and key-establishment algorithm to be standardized.
Cas Cremers, Charlie Jacomme, Eyal Ronen
ePrint Report
Modern attestation based on Trusted Execution Environments (TEEs) can significantly reduce the risk of secret compromise by attackers, while allowing users to authenticate across various services. However, this has also made TEEs a high-value attack target, driving an arms race between novel compromise attacks and continuous TEE updates. Ideally, we would like to ensure that we achieve Post-Compromise Security (PCS): even after a compromise, we can update the TEE into a secure state. However, at the same time, we would like the privacy of users to be respected, preventing providers (such as Intel, Google, or Samsung) or services from tracking users. In this work, we develop TokenWeaver, the first privacy-preserving post-compromise secure attestation method with automated formal proofs for its core properties. We base our construction on weaving together two types of token chains, one of which is linkable and the other is unlinkable. We provide the full formal models, including protocol, security properties, and proofs for reproducibility, as well as a proof-of-concept implementation in Python that shows the simplicity and applicability of our solution.
Ron Steinfeld, Amin Sakzad, Muhammed F. Esgin, Veronika Kuchta
ePrint Report
We introduce the first candidate lattice-based Designated Verifier (DV) ZK-SNARK protocol with \emph{quasi-optimal proof length} (quasi-linear in the security/privacy parameter), avoiding the use of the exponential smudging technique. Our ZK-SNARK also achieves significant improvements in proof length in practice, with proof lengths below $6$ KB for the 128-bit security/privacy level. Our main technical result is a new regularity theorem for `private' re-randomization of Module LWE (MLWE) samples using discrete Gaussian randomization vectors, also known as a lattice-based leftover hash lemma with leakage, which applies with a discrete Gaussian re-randomization parameter that is polynomial in the statistical privacy parameter. To obtain this result, we obtain bounds on the smoothing parameter of an intersection of a random $q$-ary SIS module lattice, Gadget SIS module lattice, and Gaussian orthogonal module lattice over standard power-of-2 cyclotomic rings, and a bound on the minimum of module gadget lattices. We then introduce a new candidate \emph{linear-only} homomorphic encryption scheme called Module Half-GSW (HGSW), which is a variant of the GSW somewhat homomorphic encryption scheme over modules, and apply our regularity theorem to provide smudging-free circuit-private homomorphic linear operations for Module HGSW.
NUS-Singapore and the University of Sheffield, UK
Job Posting
We are offering fully funded Ph.D. and PostDoc opportunities at NUS-Singapore and the University of Sheffield, UK. The candidates will have opportunities to work in both Singapore and Sheffield (UK).
Requirements for Ph.D. Position
  • Completed Master’s degree (or equivalent) at a top university in information security, computer science, applied mathematics, electrical engineering, or a similar area
  • Research experience (such as publishing papers as a first author in reputable venues)
  • Self-motivated, reliable, creative, can work in a team and want to do excellent research on challenging scientific problems with practical relevance
Requirements for Postdoc Position
  • Completed PhD degree (or equivalent) at a top university in IT security, computer science, applied mathematics, electrical engineering, or a similar area
  • Publications at top venues (CORE rank A*/A) for information security/applied cryptography (e.g., TDSC, TIFS, WISEC, NDSS, USENIX SEC), ideally on security protocols and secure computation
  • Experience in software development, project management and supervising students
  • Self-motivated, reliable, creative, can work in a team and want to do excellent research on challenging scientific problems with practical relevance
How to apply?
Please send me your CV with detailed information. For the Postdoc position, please send three of your best papers. Contact: Dr Prosanta Gope (p.gope@sheffield.ac.uk)

Contact: Dr Prosanta Gope (p.gope@sheffield.ac.uk)

Technical University of Darmstadt / Goethe University of Frankfurt
Job Posting
We are offering multiple fully funded positions as Ph.D. students or PostDocs in the project CRYPTOECONOMICS. The CRYPTOECONOMICS project explores the intersection between cryptography and game theory for the use case of decentralized finance. The project will be carried out jointly by researchers in cryptography at TU Darmstadt and algorithmic game theory at Goethe University Frankfurt. As a member of the CRYPTOECONOMICS project, you will conduct research on blockchain technologies and publish/present your results at top venues for research in blockchains, cryptography, IT Security and algorithmic game theory. Topics of particular interest include (but are not limited to):
  • Cryptography for Blockchains and Cryptocurrencies
  • Decentralized Finance
  • Economics and Computation
  • Design and Analysis of Distributed Algorithms
For a PhD position, you hold a Master's degree from a top university with excellent grades in computer science, mathematics, or a similar area. You have a strong mathematical and/or algorithmic/theoretical CS background and are fluent in English. Knowledge of one of the topics mentioned above is a plus. To apply for a PostDoc position, you additionally hold a PhD and have publications at top venues in one of the topics mentioned above (e.g. Crypto, Eurocrypt, TCC, CCS, FC, AFT, STOC, FOCS, SODA, EC, AAAI, IJCAI).

Your application should contain a CV, record of grades, a short motivation letter and at least one contact for a reference letter. Since there are multiple positions available please indicate in your application if your main interest lies in cryptography or game theory.

The project is part of the ATHENE national center for IT security and privacy, which is one of Europe’s largest centers for research in IT security. We offer an excellent working environment in the heart of the Frankfurt Metropolitan Area, which is internationally well-known for its high quality of life. The review of applications starts immediately until the positions are filled.

Contact:
Sebastian Faust (office.cac@cysec.de)
Martin Hoefer (mhoefer@em.uni-frankfurt.de)

Virginia Tech, Blacksburg, VA
Job Posting
The Virginia Tech Department of Mathematics anticipates Postdoctoral Associate positions, including one position as the Patricia Ann Caldwell Post-Doctoral Fellow with a start date of August 10, 2023, at our Blacksburg, VA, campus. Apply Here https://careers.pageuppeople.com/968/cw/en-us/job/522806/postdoctoral-associate 

Contact: Department of Mathematics (0123) 460 McBryde Hall, Virginia Tech 225 Stanger Street Blacksburg, VA 24061-1026

More information: https://careers.pageuppeople.com/968/cw/en-us/job/522806/postdoctoral-associate#.Y430yuaQ8lg.link

Simula UiB, Bergen, Norway
Job Posting

Simula UiB (https://simula-uib.com) is a research centre in Cryptography and Information Theory located in Bergen, Norway. We are currently looking for an outstanding candidate for a PhD researcher position in the area of symmetric-key cryptography. The successful candidate will work under the supervision of Prof Carlos Cid, towards a PhD degree from the University of Bergen. The research topic will be one of the following:

  • Design and analysis of dedicated symmetric-key ciphers for privacy-preserving mechanisms (e.g. MPC, FHE, ZKP schemes); or,
  • Quantum cryptanalysis of symmetric-key primitives.

We are looking for a candidate who has recently completed, or is about to complete, a master’s degree in cryptography, mathematics, or a closely related field. This is a 4-year position, with the student dedicating 25% of their time to compulsory work related to their research area.

Interested candidates should apply via the link https://www.simula.no/about/job/phd-student-symmetric-key-cryptography . The deadline for applications is Sunday 5 February 2023. However, applications will be screened continuously, and we may conclude recruitment as soon as we find the right candidate. The starting date is negotiable.

Contact: For additional enquiries, please contact Carlos Cid (carlos@simula.no)

More information: https://www.simula.no/about/job/phd-student-symmetric-key-cryptography

05 December 2022

Yuan Tian
ePrint Report
Various matrix relations appear widely in data-intensive computations; as a result, their zero-knowledge proofs/arguments (ZKP/ZKA) are naturally required in large-scale private computing applications. In the first part of this paper, we concretely establish efficient zero-knowledge arguments for the linear matrix relation AU = B and the bilinear relation UQV = Y over the residue ring Zm with logarithmic message complexity. We take a direct, matrix-oriented (rather than the usual vector-oriented) approach to these constructions, on the basis of the elegant commitment scheme over the ring recently established by Attema et al. [16]. The constructed protocols are public coin and in the c.r.s. paradigm (the c.r.s. is used only as the public key of the commitment scheme), are suitable for matrices of any size, and outperform the protocols constructed in the usual approach when the number of columns > log(number of rows), with a significantly smaller c.r.s., fewer rounds and lower message complexity, particularly for large square matrices. The online computational complexity is almost the same for both approaches. In the second part, on the basis of simulation-sound tag-based trapdoor commitment schemes, we establish a general compiler to transform any public-coin proof/argument protocol into one that is concurrently non-malleable with an unchanged number of rounds and properly increased message and computational complexity. Such enhanced protocols, e.g., the versions compiled from those constructed in the first part of this work, can run in a parallel environment while keeping all their security properties, particularly resisting man-in-the-middle attacks.
Alberto Ibarrondo, Hervé Chabanne, Melek Önen
ePrint Report
We propose a novel privacy-preserving, two-party computation of various distance metrics (e.g., Hamming distance, Scalar Product) followed by a comparison with a fixed threshold, which is known as one of the most useful and popular building blocks for many different applications including machine learning, biometric matching, etc. Our solution builds upon recent advances in functional secret sharing and makes use of an optimized version of arithmetic secret sharing. Thanks to this combination, our new solution named Funshade is the first to require only one round of communication and two ring elements of communication in the online phase, outperforming all prior state-of-the-art schemes while relying on lightweight cryptographic primitives. Lastly, we implement the solution from scratch in Python using efficient C++ blocks, testifying to its high performance.
Wei Dai, Tatsuaki Okamoto, Go Yamamoto
ePrint Report
Adaptor signatures have seen wide applications in layer-2 and peer-to-peer blockchain applications such as atomic swaps and payment channels. We first identify two shortcomings of the previous literature on adaptor signatures. (1) The current aim of “script-less” adaptor signatures restricts instantiability, limiting designs based on BLS or current NIST PQC candidates. (2) We identify gaps in current formulations of security. In particular, we show that current notions do not rule out a class of insecure schemes. Moreover, a natural property concerning the on-chain unlinkability of adaptor signatures has not been formalized. We then address these shortcomings by providing new and stronger security notions, as well as new generic constructions from any signature scheme and hard relation. On definitions: 1. We develop security notions that strictly imply previous notions. 2. We formalize the notion of unlinkability for adaptor signatures. 3. We give modular proof frameworks that facilitate simpler proofs. On constructions: 1. We give a generic construction of adaptor signatures from any signature scheme and any hard relation, showing that theoretically, (linkable) adaptor signatures can be constructed from any one-way function. 2. We also give an unlinkable adaptor signature construction from any signature scheme and any strongly random-self-reducible relation, which we show instantiations of using DL, RSA, and LWE.
Ian Black, Emma McFall, Juliet Whidden, Bryant Xie, Ryann Cartor
ePrint Report
E-voting offers significant potential savings in time and money compared to current voting systems. Unfortunately, many current e-voting schemes are susceptible to quantum attacks. In this paper, we expand upon EVOLVE, an existing lattice-based quantum-secure election scheme introduced by Pino et al. We are able to make these expansions by extending the dimensions of the voter's ballot and creating additional proofs, allowing for applicability to realistic election schemes. Thus, we present our system of schemes, called EVOLVED (Electronic Voting from Lattices with Verification and Extended Dimensions). We present schemes for numerous different types of elections including Single-Choice Voting, Borda Count, and Instant Runoff.
Mastooreh Salajegheh, Shashank Agrawal, Maliheh Shirvanian, Mihai Christodorescu, Payman Mohassel
ePrint Report
Today, authentication faces the trade-off of security versus usability. Two-factor authentication, for example, is one way to improve security at the cost of requiring user interaction for every round of authentication. Most 2FA methods are bound to the user's phone and fail if the phone is not available. We propose CoRA, a Collaborative Risk-aware Authentication method that takes advantage of any and many devices that the user owns. CoRA increases security, and preserves usability and privacy, by using threshold MACs and by tapping into the knowledge of the devices instead of requiring user knowledge or interaction. Using CoRA, authentication tokens are generated collaboratively by multiple devices owned by the user, and the token is accompanied by a risk factor that indicates the reliability of the token to the authentication server. CoRA relies on a device-centric trust assessment to determine the relative risk factor and on threshold cryptography to ensure no single point of failure. CoRA does not assume any secure element or physical security for the devices. In this paper, we present the architecture and security analysis of CoRA. In an associated user study we discover that 78% of users have at least three devices with them at most times, and 93% have at least two, suggesting that deploying CoRA multi-factor authentication is practical today.
Chris Monico
ePrint Report
In [1], a novel cryptographic key exchange technique was proposed using the plactic monoid, based on the apparent difficulty of solving division problems in that monoid. Specifically, given elements c, b in the plactic monoid, the problem is to find q for which qb = c, given that such a q exists. In this paper, we introduce a metric on the plactic monoid and use it to give a probabilistic algorithm for solving that problem which is fast for parameter values in the range of interest.
Sourav Das, Zhuolun Xiang, Ling Ren
ePrint Report
The $q$-Strong Diffie-Hellman ($q$-SDH) parameters are foundational to efficient constructions of many cryptographic primitives such as zero-knowledge succinct non-interactive argument of knowledge, polynomial/vector commitments, verifiable secret sharing, and randomness beacon. The only existing method to generate these parameters securely is highly sequential, requires strong network synchrony assumptions, and has very high communication and computation cost. For example, to generate parameters for any given $q$, each party incurs a communication cost of $\Omega(nq)$ and requires $\Omega(n)$ rounds. Here $n$ is the number of parties in the secure multiparty computation protocol. Since $q$ is typically large, i.e., on the order of billions, the cost is highly prohibitive.

In this paper, we present Tauron, a distributed protocol to generate $q$-SDH parameters in an asynchronous network. In a network of $n$ parties, Tauron tolerates up to one-third of malicious parties. Each party incurs a communication cost of $O(q + n^2\log q)$ and the protocol finishes in $O(\log q + \log n)$ expected rounds. We provide a rigorous security analysis of our protocol. We implement Tauron and evaluate it with up to 128 geographically distributed parties. Our evaluation illustrates that Tauron is highly scalable and results in a 2-6$\times$ better runtime and 4-13$\times$ better per-party bandwidth usage.
Kyoto, Japan, 19 June - 22 June 2023
Event Calendar
Event date: 19 June to 22 June 2023
Submission deadline: 15 March 2023
Notification: 19 April 2023