International Association for Cryptologic Research


IACR News


Here you can see all recent updates to the IACR webpage.

10 December 2022

Hassan Asghar, Benjamin Zi Hao Zhao, Muhammad Ikram, Giang Nguyen, Dali Kaafar, Sean Lamont, Daniel Coscia
ePrint Report
We look at the use of cryptography to obfuscate malware. Most surveys on malware obfuscation only discuss simple encryption techniques (e.g., XOR encryption), which are easy to defeat (in principle), since the decryption algorithm and the key are shipped within the program. This SoK proposes a principled definition of malware obfuscation, and categorises instances of malware obfuscation that use cryptographic tools into those which evade detection and those which are detectable. The SoK first examines easily detectable schemes such as string encryption, class encryption and XOR encoding, found in most obfuscated malware. It then details schemes that can be shown to be hard to break, such as the use of environmental keying. We also analyse formal cryptographic obfuscation, i.e., the notions of indistinguishability and virtual black box obfuscation, from the lens of our proposed model on malware obfuscation.
Abdelhaliem Babiker
ePrint Report
This paper introduces a new digital signature scheme whose security against existential forgery under adaptive chosen message attack is based on the hardness of the Syndrome Decoding Problem. The hardness assumption is quite simple and hence easy to analyze and investigate. The scheme as a whole is neat, with an intuitive security definition and proof in addition to elegant and efficient signing and verifying algorithms. We propose parameter sets for three security levels (128-bit, 192-bit, and 256-bit) and estimate the corresponding sizes of the keys and the signature for each level. Additionally, the scheme has an interesting feature of signature verification using an arbitrary part of the public key, which allows the verifying party to store a small random secret part of the public key rather than the full-size public key. Using a small part of the public key for verification gives us a more time- and memory-efficient verification mode, which we call Light Verification Key (LVK) mode. Also, we suggest Light Signing Key (LSK) mode, which enables a smaller size of the private (signing) key while maintaining the same security level.
Hao Cheng, Johann Großschädl, Ben Marshall, Dan Page, Thinh Pham
ePrint Report
The NIST LightWeight Cryptography (LWC) selection process aims to standardise cryptographic functionality which is suitable for resource-constrained devices. Since the outcome is likely to have significant, long-lived impact, careful evaluation of each submission with respect to metrics explicitly outlined in the call is imperative. Beyond the robustness of submissions against cryptanalytic attack, metrics related to their implementation (e.g., execution latency and memory footprint) form an important example. Aiming to provide evidence allowing richer evaluation with respect to such metrics, this paper presents the design, implementation, and evaluation of one separate Instruction Set Extension (ISE) for each of the 10 LWC final round submissions, namely Ascon, Elephant, GIFT-COFB, Grain-128AEADv2, ISAP, PHOTON-Beetle, Romulus, Sparkle, TinyJAMBU, and Xoodyak; although we base the work on use of RISC-V, we argue that it provides more general insight.
Varun Maram, Keita Xagawa
ePrint Report
Kyber is a key-encapsulation mechanism (KEM) that was recently selected by NIST in its PQC standardization process; it is also the only scheme to be selected in the context of public-key encryption (PKE) and key establishment. The main security target for KEMs, and their associated PKE schemes, in the NIST PQC context has been IND-CCA security. However, some important modern applications also require their underlying KEMs/PKE schemes to provide anonymity (Bellare et al., ASIACRYPT 2001). Examples of such applications include anonymous credential systems, cryptocurrencies, broadcast encryption schemes, authenticated key exchange, and auction protocols. It is hence important to analyze the compatibility of NIST's new PQC standard in such "beyond IND-CCA" applications.

Some starting steps were taken by Grubbs et al. (EUROCRYPT 2022) and Xagawa (EUROCRYPT 2022) wherein they studied the anonymity properties of most NIST PQC third round candidate KEMs. Unfortunately, they were unable to show the anonymity of Kyber because of certain technical barriers.

In this paper, we overcome said barriers and resolve the open problems posed by Grubbs et al. (EUROCRYPT 2022) and Xagawa (EUROCRYPT 2022) by establishing the anonymity of Kyber, and the (hybrid) PKE schemes derived from it, in a post-quantum setting. Along the way, we also provide an approach to obtain tight IND-CCA security proofs for Kyber with concrete bounds; this resolves another issue identified by the aforementioned works related to the post-quantum IND-CCA security claims of Kyber from a provable security point-of-view. Our results also extend to Saber, a NIST PQC third round finalist, in a similar fashion.
Mayank Rathee, Conghao Shen, Sameer Wagh, Raluca Ada Popa
ePrint Report
Federated learning (FL) is an increasingly popular approach for machine learning (ML) in cases where the training dataset is highly distributed. Clients perform local training on their datasets and the updates are then aggregated into the global model. Existing protocols for aggregation are either inefficient, or don’t consider the case of malicious actors in the system. This is a major barrier in making FL an ideal solution for privacy-sensitive ML applications. We present ELSA, a secure aggregation protocol for FL, which breaks this barrier: it is efficient and addresses the existence of malicious actors at the core of its design. Similar to prior work on Prio and Prio+, ELSA provides a novel secure aggregation protocol built out of distributed trust across two servers that keeps individual client updates private as long as one server is honest, defends against malicious clients and is efficient end-to-end. Compared to prior works, the distinguishing theme in ELSA is that instead of the servers generating cryptographic correlations interactively, the clients act as untrusted dealers of these correlations without compromising the protocol’s security. This leads to a much faster protocol while also achieving stronger security at that efficiency compared to prior work. We introduce new techniques that retain privacy even when a server is malicious at a small added cost of 7-25% in runtime with negligible increase in communication over the case of a semi-honest server. Our work improves end-to-end runtime over prior work with similar security guarantees by big margins: single-aggregator RoFL by up to 305x (for the models we consider), and distributed trust Prio by up to 8x.
George Teseleanu
ePrint Report
In 2019, Essaid et al. proposed an encryption scheme for color images based on chaotic maps. Their solution uses two enhanced chaotic maps to dynamically generate the secret substitution boxes and the key bytes used by the cryptosystem. Note that both types of parameters are dependent on the size of the original image. The authors claim that their proposal provides enough security for transmitting color images over unsecured channels. Unfortunately, this is not the case. In this paper, we introduce two cryptanalytic attacks for Essaid et al.'s encryption scheme. The first one is a chosen plaintext attack, which, for a given size, requires 256 chosen plaintexts to allow an attacker to decrypt any image of this size. The second attack is a chosen ciphertext attack, which, compared to the first one, requires 512 chosen ciphertexts to break the scheme for a given size. These attacks are possible because the generated substitution boxes and key bits remain unchanged for different plaintext images.
Kyoichi Asano, Keita Emura, Atsushi Takayasu
ePrint Report
Identity-based encryption with equality test (IBEET) is a variant of identity-based encryption (IBE), where any users who have trapdoors can check whether two ciphertexts are encryption of the same plaintext. Although several lattice-based IBEET schemes have been proposed, they have drawbacks in either security or efficiency. Specifically, most schemes satisfy only selective security, while adaptively secure schemes in the standard model suffer from large master public keys that consist of linear numbers of matrices. In other words, known lattice-based IBEET schemes perform poorly compared to the state-of-the-art lattice-based IBE schemes (without equality test). In this paper, we propose a semi-generic construction of CCA-secure lattice-based IBEET from a certain class of lattice-based IBE schemes. As a result, we obtain the first lattice-based IBEET schemes with adaptive security and CCA security in the standard model. Furthermore, our semi-generic construction can use several state-of-the-art lattice-based IBE schemes as underlying schemes. Then, we have adaptively secure lattice-based IBEET schemes whose public keys have only poly-log matrices.

09 December 2022

Eindhoven, Netherlands, 10 July - 14 July 2023
Event Calendar
Event date: 10 July to 14 July 2023
Submission deadline: 20 February 2023
Notification: 20 March 2023
Kyoto Prefecture, Japan, 19 June - 22 June 2023
Event Calendar
Event date: 19 June to 22 June 2023
Submission deadline: 15 March 2023
Notification: 19 April 2023
SnT, University of Luxembourg
Job Posting
We are hiring two Ph.D. students to contribute to a research project entitled "Advanced Cryptography for Finance and Privacy (CryptoFin)", which is funded by the Fonds National de la Recherche (FNR) through the CORE program. Candidates with research interests in one or more of the following areas are particularly encouraged to apply:
  • applied or symmetric cryptography
  • cryptofinance, cryptoeconomics, blockchains
  • anonymity and privacy on the Internet
Your Profile
  • M.Sc. degree in Computer Science, Applied Mathematics or a related field
  • GPA of at least 80% in both the bachelor and master studies
  • Strong mathematical and/or algorithmic CS background (math/CS Olympiads, CTFs a plus)
  • Background in applied cryptography, or information security, or economics/finance - a plus
  • Good skills in programming, scripting languages. Math tools - a plus.
  • Commitment, team working and a critical mind
  • Fluent written and verbal communication skills in English
We offer
The University offers a Ph.D. study program with a Fixed Term Contract up to 3 years with extension into the 4th year based on performance, on a full time basis (40hrs/week). The University offers highly competitive salaries and is an equal opportunity employer. You will work in an exciting international environment and will carry out leading edge research in these rapidly evolving areas, which will have direct impact on the future.
Application
Applications, written in English, should be submitted online and should include:
  • A very brief cover letter explaining the candidate's motivation and research interests
  • Curriculum Vitae (including photo, education/research, work experience, interests)
  • Transcripts of B.Sc. and M.Sc. grades
  • Information about contributions to open-source projects, participation in research competitions, Olympiads, CTFs, etc.
Deadline for applications: January 6, 2023. Applications will be considered on receipt; therefore, applying before the deadline is encouraged.

Contact: Prof. Alex Biryukov (e-mail: first name dot family name (at) uni.lu)

More information: http://cryptolux.org/index.php/Vacancies

Aalto University, Finland
Job Posting

The Department of Computer Science at Aalto University - in the top 20 young universities worldwide - invites applications for tenure-track positions at the assistant professor level. We welcome applications in all areas of computer science, with a special focus on candidates with expertise in the following areas.

  • Programming languages; Programming methodologies
  • Databases; Data management
  • Software engineering: software systems specification, implementation, validation
  • Operating Systems; Hardware-software interface

Women and others underrepresented in computer science are especially encouraged to apply.

The Department of Computer Science (https://www.aalto.fi/en/department-of-computer-science) is home to world-class research in modern computer science, combining research on foundations and innovative applications. An international community with 46 professors and more than 400 employees from 50 countries, it is the largest department at Aalto University and the largest computer science unit in Finland. The department consistently ranks high in global rankings, for example, the first in Nordic countries and Northeastern Europe and the 73rd overall in Times Higher Education ranking for 2023.

Finland is a great place for living with or without a family: it is a safe and well-organized Nordic society, where equality is highly valued and extensive social security supports people in all situations of life. Finland's free high-quality education system is also internationally renowned.

For more information and the application form visit: https://www.aalto.fi/en/open-positions/assistant-professors-computer-science

The call is open until January 15, 2023.

Contact: Prof. Jussi Rintanen or for recruitment process-related questions HR Partner Laura Kuusisto-Noponen

More information: https://www.aalto.fi/en/open-positions/assistant-professors-computer-science

06 December 2022

Linus Backlund, Kalle Ngo, Joel Gärtner, Elena Dubrova
ePrint Report
Shuffling is a well-known countermeasure against side-channel analysis. It typically uses the Fisher-Yates (FY) algorithm to generate a random permutation which is then utilized as the loop iterator to index the processing of the variables inside the loop. The processing order is scrambled as a result, making side-channel analysis more difficult. Recently, a side-channel attack on a masked and shuffled implementation of Saber requiring 61,680 power traces to extract the secret key was reported. In this paper, we present an attack that can recover the secret key of Saber from 4,608 traces. The key idea behind the 13-fold improvement is to recover FY indexes directly, rather than by extracting the message Hamming weight and bit flipping, as in the previous attack. We capture a power trace during the execution of the decapsulation algorithm for a given ciphertext, recover FY indexes 0 and 255, and extract the corresponding two message bits. Then, we modify the ciphertext to cyclically rotate the message, capture a power trace, and extract the next two message bits with FY indexes 0 and 255. In this way, all message bits can be extracted. By recovering messages contained in k ∗ l chosen ciphertexts constructed using a new method based on error-correcting codes with length l, where k is the security level, we recover the long term secret key. To demonstrate the generality of the presented approach, we also recover the secret key from a masked and shuffled implementation of CRYSTALS-Kyber, which NIST recently selected as a new public-key encryption and key-establishment algorithm to be standardized.
Cas Cremers, Charlie Jacomme, Eyal Ronen
ePrint Report
Modern attestation based on Trusted Execution Environments (TEEs) can significantly reduce the risk of secret compromise by attackers, while allowing users to authenticate across various services. However, this has also made TEEs a high-value attack target, driving an arms race between novel compromise attacks and continuous TEEs updates. Ideally, we would like to ensure that we achieve Post-Compromise Security (PCS): even after a compromise, we can update the TEE into a secure state. However, at the same time, we would like the privacy of users to be respected, preventing providers (such as Intel, Google, or Samsung) or services from tracking users. In this work, we develop TokenWeaver, the first privacy-preserving post-compromise secure attestation method with automated formal proofs for its core properties. We base our construction on weaving together two types of token chains, one of which is linkable and the other is unlinkable. We provide the full formal models, including protocol, security properties, and proofs for reproducibility, as well as a proof-of-concept implementation in python that shows the simplicity and applicability of our solution.
Ron Steinfeld, Amin Sakzad, Muhammed F. Esgin, Veronika Kuchta
ePrint Report
We introduce the first candidate lattice-based Designated Verifier (DV) ZK-SNARK protocol with quasi-optimal proof length (quasi-linear in the security/privacy parameter), avoiding the use of the exponential smudging technique. Our ZK-SNARK also achieves significant improvements in proof length in practice, with proof length below 6 KB for the 128-bit security/privacy level. Our main technical result is a new regularity theorem for `private' re-randomization of Module LWE (MLWE) samples using discrete Gaussian randomization vectors, also known as a lattice-based leftover hash lemma with leakage, which applies with a discrete Gaussian re-randomization parameter that is polynomial in the statistical privacy parameter. To obtain this result, we obtain bounds on the smoothing parameter of an intersection of a random q-ary SIS module lattice, Gadget SIS module lattice, and Gaussian orthogonal module lattice over standard power-of-2 cyclotomic rings, and a bound on the minimum of module gadget lattices. We then introduce a new candidate linear-only homomorphic encryption scheme called Module Half-GSW (HGSW), which is a variant of the GSW somewhat homomorphic encryption scheme over modules, and apply our regularity theorem to provide smudging-free circuit-private homomorphic linear operations for Module HGSW.
NUS-Singapore and the University of Sheffield, UK
Job Posting
We are offering fully funded Ph.D. and PostDoc opportunities at NUS-Singapore and the University of Sheffield, UK. The candidates will have opportunities to work in both Singapore and Sheffield (UK).
Requirements for Ph.D. Position
  • Completed Master’s degree (or equivalent) at a top university in information security, computer science, applied mathematics, electrical engineering, or a similar area
  • Research experience (such as publishing papers as a first author in reputable venues)
  • Self-motivated, reliable, creative, can work in a team and want to do excellent research on challenging scientific problems with practical relevance
Requirements for Postdoc Position
  • Completed PhD degree (or equivalent) at a top university in IT security, computer science, applied mathematics, electrical engineering, or a similar area
  • Publications at top venues (CORE rank A*/A) for information security/applied cryptography (e.g., TDSC, TIFS, WISEC, NDSS, USENIX SEC), ideally on security protocols and secure computation
  • Experience in software development, project management and supervising students
  • Self-motivated, reliable, creative, can work in a team and want to do excellent research on challenging scientific problems with practical relevance
How to apply?
Please send me your CV with detailed information. For the Postdoc position, please send three of your best papers. Contact: Dr Prosanta Gope (p.gope@sheffield.ac.uk)

Contact: Dr Prosanta Gope (p.gope@sheffield.ac.uk)
Technical University of Darmstadt / Goethe University of Frankfurt
Job Posting
We are offering multiple fully funded positions as Ph.D. students or PostDocs in the project CRYPTOECONOMICS. The CRYPTOECONOMICS project explores the intersection between cryptography and game theory for the use case of decentralized finance. The project will be carried out jointly by researchers in cryptography at TU Darmstadt and algorithmic game theory at Goethe University Frankfurt. As a member of the CRYPTOECONOMICS project, you will conduct research on blockchain technologies and publish/present your results at top venues for research in blockchains, cryptography, IT Security and algorithmic game theory. Topics of particular interest include (but are not limited to):
  • Cryptography for Blockchains and Cryptocurrencies
  • Decentralized Finance
  • Economics and Computation
  • Design and Analysis of Distributed Algorithms
For a PhD position, you hold a Master's degree from a top university with excellent grades in computer science, mathematics, or a similar area. You have a strong mathematical and/or algorithmic/theoretical CS background and are fluent in English. Knowledge in one of the topics mentioned above is a plus. To apply for a PostDoc position, you additionally hold a PhD and have publications at top venues in one of the topics mentioned above (e.g. Crypto, Eurocrypt, TCC, CCS, FC, AFT, STOC, FOCS, SODA, EC, AAAI, IJCAI).

Your application should contain a CV, record of grades, a short motivation letter and at least one contact for a reference letter. Since there are multiple positions available please indicate in your application if your main interest lies in cryptography or game theory.

The project is part of the ATHENE national center for IT security and privacy, which is one of Europe’s largest centers for research in IT security. We offer an excellent working environment in the heart of the Frankfurt Metropolitan Area, which is internationally well-known for its high quality of life. The review of applications starts immediately until the positions are filled.

Contact:
Sebastian Faust (office.cac@cysec.de)
Martin Hoefer (mhoefer@em.uni-frankfurt.de)

Virginia Tech, Blacksburg, VA
Job Posting
The Virginia Tech Department of Mathematics anticipates Postdoctoral Associate positions, including one position as the Patricia Ann Caldwell Post-Doctoral Fellow with a start date of August 10, 2023, at our Blacksburg, VA, campus. Apply Here https://careers.pageuppeople.com/968/cw/en-us/job/522806/postdoctoral-associate 

Contact: Department of Mathematics (0123) 460 McBryde Hall, Virginia Tech 225 Stanger Street Blacksburg, VA 24061-1026

More information: https://careers.pageuppeople.com/968/cw/en-us/job/522806/postdoctoral-associate#.Y430yuaQ8lg.link

Simula UiB, Bergen, Norway
Job Posting

Simula UiB (https://simula-uib.com) is a research centre in Cryptography and Information Theory located in Bergen, Norway. We are currently looking for an outstanding candidate for a PhD researcher position in the area of symmetric-key cryptography. The successful candidate will work under the supervision of Prof Carlos Cid, towards a PhD degree from the University of Bergen. The research topic will be one of the following:

  • Design and analysis of dedicated symmetric-key ciphers for privacy-preserving mechanisms (e.g. MPC, FHE, ZKP schemes); or,
  • Quantum cryptanalysis of symmetric-key primitives.

We are looking for a candidate who has recently completed, or is about to complete, a master’s degree in cryptography, mathematics, or a closely related field. This is a 4-year position, with the student dedicating 25% of their time to compulsory work related to their research area.

Interested candidates should apply via the link https://www.simula.no/about/job/phd-student-symmetric-key-cryptography. The deadline for application is Sunday 5 February 2023. However, applications will be screened continuously, and we may conclude recruitment as soon as we find the right candidate. The starting date is negotiable.

Contact: For additional enquiries, please contact Carlos Cid (carlos@simula.no)

More information: https://www.simula.no/about/job/phd-student-symmetric-key-cryptography


05 December 2022

Yuan Tian
ePrint Report
Various matrix relations appear widely in data-intensive computations; as a result, their zero-knowledge proofs/arguments (ZKP/ZKA) are naturally required in large-scale private computing applications. In the first part of this paper, we concretely establish efficient zero-knowledge arguments for the linear matrix relation AU = B and the bilinear relation UQV = Y over the residue ring Zm with logarithmic message complexity. We take a direct, matrix-oriented (rather than the usual vector-oriented) approach to such constructions on the basis of the elegant commitment scheme over the ring recently established by Attema et al. [16]. The constructed protocols are public coin and in the c.r.s. paradigm (the c.r.s. is used only as the public key of the commitment scheme), suitable for matrices of any size, and outperform the protocols constructed in the usual approach when the number of columns > log(number of rows), with a significantly smaller c.r.s., fewer rounds and lower message complexity, particularly for large-size square matrices. The on-line computational complexity is almost the same for both approaches. In the second part, on the basis of simulation-sound tag-based trapdoor commitment schemes, we establish a general compiler to transform any public coin proof/argument protocol into one which is concurrently non-malleable with an unchanged number of rounds and properly increased message and computational complexity. Such enhanced protocols, e.g., the versions compiled from those constructed in the first part of this work, can run in a parallel environment while keeping all their security properties, particularly resisting man-in-the-middle attacks.
Alberto Ibarrondo, Hervé Chabanne, Melek Önen
ePrint Report
We propose a novel privacy-preserving, two-party computation of various distance metrics (e.g., Hamming distance, Scalar Product) followed by a comparison with a fixed threshold, which is known as one of the most useful and popular building blocks for many different applications including machine learning, biometric matching, etc. Our solution builds upon recent advances in functional secret sharing and makes use of an optimized version of arithmetic secret sharing. Thanks to this combination, our new solution named Funshade is the first to require only one round of communication and two ring elements of communication in the online phase, outperforming all prior state-of-the-art schemes while relying on lightweight cryptographic primitives. Lastly, we implement the solution from scratch in Python using efficient C++ blocks, testifying to its high performance.