International Association for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage.

19 December 2022

Andrew Fregly, Joseph Harvey, Burton S. Kaliski Jr., Swapneel Sheth
ePrint Report
We introduce the Merkle Tree Ladder (MTL) mode of operation for signature schemes. MTL mode signs messages using an underlying signature scheme in such a way that the resulting signatures are condensable: a set of MTL mode signatures can be conveyed from a signer to a verifier in fewer bits than if the MTL mode signatures were sent individually. In MTL mode, the signer sends a shorter condensed signature for each message of interest and occasionally provides a longer reference value that helps the verifier process the condensed signatures. We show that in a practical scenario involving random access to an initial series of 10,000 signatures that expands gradually over time, MTL mode can reduce the size impact of the NIST PQC signature algorithms, which have signature sizes of 666 to 7856 bytes with example parameter sets, to a condensed signature size of 472 bytes per message. Even adding the overhead of the reference values, MTL mode signatures still reduce the overall signature size impact under a range of operational assumptions. Because MTL mode itself is quantum-safe, the mode can support long-term cryptographic resiliency in applications where signature size impact is a concern without limiting cryptographic diversity only to algorithms whose signatures are naturally short.
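A simplified illustration of the condensable-signature idea described above, written for this page and not code from the paper: the signer batches messages under one Merkle tree, signs the root once with a large hash-based signature (the "reference value"; a Lamport one-time signature stands in for a NIST PQC scheme), and ships each message with only its authentication path (the "condensed signature"). This single-tree version is not the MTL ladder construction, which supports a series of signatures that keeps growing; the function names, the 4-byte index encoding, the domain-separation bytes and the sample batch are assumptions of this example.

```python
import hashlib
import os


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Stand-in for the "underlying signature scheme": a Lamport one-time signature.
# It is hash-based and deliberately large (8192-byte signatures), which is the
# situation MTL mode targets. It may sign only ONE message, so here it signs
# exactly one Merkle root; a deployment would use a real PQ signature scheme.
def lamport_keygen():
    sk = [[os.urandom(32), os.urandom(32)] for _ in range(256)]
    pk = [[H(pair[0]), H(pair[1])] for pair in sk]
    return sk, pk


def _bits(msg: bytes):
    d = H(msg)
    return [(d[i >> 3] >> (7 - (i & 7))) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes) -> bytes:
    return b"".join(sk[i][b] for i, b in enumerate(_bits(msg)))


def lamport_verify(pk, msg: bytes, sig: bytes) -> bool:
    if len(sig) != 256 * 32:
        return False
    return all(H(sig[32 * i:32 * i + 32]) == pk[i][b] for i, b in enumerate(_bits(msg)))


# Merkle tree over the batch, with domain-separated leaf and node hashes
# (assumed prefixes 0x00 / 0x01, chosen for this example).
def leaf_hash(msg: bytes) -> bytes:
    return H(b"\x00" + msg)


def node_hash(left: bytes, right: bytes) -> bytes:
    return H(b"\x01" + left + right)


def _padded(level):
    # Duplicate the last node when a level has odd length.
    return level + [level[-1]] if len(level) % 2 else level


def build_tree(msgs):
    levels = [[leaf_hash(m) for m in msgs]]
    while len(levels[-1]) > 1:
        lvl = _padded(levels[-1])
        levels.append([node_hash(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels


def auth_path(levels, index: int):
    path = []
    for level in levels[:-1]:
        path.append(_padded(level)[index ^ 1])
        index >>= 1
    return path


def root_from_path(msg: bytes, index: int, path) -> bytes:
    node = leaf_hash(msg)
    for sibling in path:
        node = node_hash(node, sibling) if index % 2 == 0 else node_hash(sibling, node)
        index >>= 1
    return node


# Signer: one large reference value (signed root) for the whole batch and a
# short condensed signature (index + authentication path) per message.
def sign_batch(sk, msgs):
    levels = build_tree(msgs)
    root = levels[-1][0]
    reference = (root, lamport_sign(sk, root))
    condensed = [(i, auth_path(levels, i)) for i in range(len(msgs))]
    return reference, condensed


# Verifier. In practice the reference value is verified once and cached, after
# which each condensed signature costs only tree-height many hash calls.
def verify_condensed(pk, reference, msg: bytes, condensed) -> bool:
    root, root_sig = reference
    index, path = condensed
    if not lamport_verify(pk, root, root_sig):
        return False
    return root_from_path(msg, index, path) == root


def sizes(reference, condensed):
    """Bytes on the wire: (reference value, one condensed signature with a 4-byte index)."""
    return len(reference[0]) + len(reference[1]), 4 + 32 * len(condensed[1])


if __name__ == "__main__":
    sk, pk = lamport_keygen()
    batch = [f"record-{i}".encode() for i in range(16)]  # constructed sample batch
    ref, cond = sign_batch(sk, batch)
    assert all(verify_condensed(pk, ref, m, c) for m, c in zip(batch, cond))
    assert not verify_condensed(pk, ref, b"tampered", cond[5])
    print("reference bytes, condensed bytes per message:", sizes(ref, cond[0]))
```

For a batch of 16 the one-time reference value is 8224 bytes while each condensed signature is 132 bytes, and the per-message cost grows only with the tree height; that is the size effect the abstract reports, with the real MTL ladder additionally allowing the tree to be extended over time without re-signing.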
Melissa Chase, Hannah Davis, Esha Ghosh, Kim Laine
ePrint Report
Custodial secret management services provide a convenient centralized user experience, portability, and emergency recovery for users who cannot reliably remember or store their own credentials and cryptographic keys. Unfortunately, these benefits are only available when users compromise the security of their secrets and entrust them to a third party. This makes custodial secret management service providers ripe targets for exploitation, and exposes valuable and sensitive data to data leaks, insider attacks, and password cracking, among other dangers. Several password managers and cryptocurrency wallets today utilize non-custodial solutions, where their users are in charge of a high-entropy secret, such as a cryptographic secret key or a long passphrase, that controls access to their data. One can argue that these solutions have a stronger security model, as the service provider no longer constitutes a single point of trust. However, the obvious downside is that it is very difficult for people to store cryptographic secrets reliably, making emergency recovery a serious problem. We present Acsesor: a new framework for auditable custodial secret management with decentralized trust. Our framework offers a middle-ground between a fully custodial (centralized) and fully non-custodial (user-managed/distributed) recovery system: it enhances custodial recovery systems with cryptographically assured access monitoring and a distributed trust assumption. In particular, the Acsesor framework distributes the recovery process across a set of (user-chosen) guardians. However, the user is never required to interact directly with the guardians during recovery, which allows us to retain the high usability of centralized custodial solutions. Additionally, Acsesor retains the strong resilience guarantees that custodial systems provide against fraud attacks. 
Finally, by allowing the guardians to implement flexible user-chosen response policies, Acsesor can address a broad range of problem scenarios in classical secret management solutions. For example, a slow recovery policy, where the guardians wait for a predefined time until responding, can replace the cumbersome passphrases many cryptocurrency wallets implement today for emergency recovery. We also instantiate the Acsesor framework with a base protocol built of standard primitives: standard encryption schemes and privacy-preserving transparency ledgers. Our construction requires no persistent storage from its users and supports an expansive array of configuration options and extensions.

15 December 2022

Yuan Tian
ePrint Report
In data-intensive private computing applications, various relations appear as, or can be reduced to, matrix relations. In this paper we investigate two problems related to constructing zero-knowledge argument (ZKA) protocols for matrix relations. In the first part, we establish ZKAs for some bilinear matrix relations over $\mathbb{F}_p$. The relations under consideration include (1) general forms of bilinear relations with two witness matrices and some of the most important special cases, (2) some special forms of bilinear relations with three or four witness matrices, and (3) the eigenvalue relation. In private computing tasks various important relations are instances or special cases of these relations, e.g., the matrix multiplication relation, the inverse relation, the similarity relation, some structure decomposition relations and some isomorphism relations for lattices and graphs. Instead of applying the general linearization approach to these non-linear relations, our approach is matrix-specific: the matrix equation is treated as a tensor identity, and probabilistic-equivalent reduction techniques (amortization) are applied throughout to reduce non-linear matrix relations to non-linear vector relations. To the author's knowledge, there are currently no other systematic works on ZKAs for non-linear matrix relations. Our approach significantly outperforms the general linearization approach in all important performance measures, e.g., for $n \times t$ matrix witnesses the required size of the c.r.s. (used only as the public key for commitment) can be compressed by a factor of $2t$; when $n \gg t$ or $t \gg n$ the number of rounds and the number of group and field elements in messages are all decreased by about 1/2; when $n \approx t$ (e.g., square witnesses) they are all decreased by about 1/3. In the second part, we enhance the knowledge soundness of the ZKA for the linear matrix relation over the ground field $\mathbb{F}_p$. By treating a matrix in $\mathbb{F}_p^{n \times td}$ as an $nt$-dimensional vector over the degree-$d$ extension field of $\mathbb{F}_p$ and applying appropriate reductions, we decrease the knowledge error of the original ZKA over $\mathbb{F}_p$ from $O(1/p)$ to $O(1/p^d)$. This is comparable to the general parallel repetition approach, which improves the knowledge error to the same degree, but our matrix-specific approach at the same time significantly improves the other performance measures, e.g., a smaller c.r.s., fewer rounds and shorter messages.
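An added toy example of the probabilistic reduction this abstract relies on, not the paper's protocol: the matrix relation $AB = C$ over $\mathbb{F}_p$ is replaced by the vector relation $A(Br) = Cr$ for a random challenge $r$, which a false $C$ can only satisfy when $r$ lies in the kernel of $C - AB$, so the soundness error is $1/p$ for a rank-1 discrepancy. The block enumerates the whole challenge space for a constructed prime $p = 7$ to exhibit the $1/p$ error, and uses parallel repetition to bring it to $1/p^2$, standing in for the extension-field trick the paper uses to reach $1/p^d$. No commitments or zero-knowledge are involved; the matrices and $p$ are made-up inputs.

```python
import itertools

# Constructed toy parameter: a tiny prime so the challenge space can be enumerated.
# A real argument uses a large prime (or an extension field) so that 1/p is negligible.
P = 7


def mat_mul(a, b, p=P):
    return [[sum(a[i][k] * b[k][j] for k in range(len(b))) % p
             for j in range(len(b[0]))] for i in range(len(a))]


def mat_vec(a, v, p=P):
    return [sum(a[i][j] * v[j] for j in range(len(v))) % p for i in range(len(a))]


def reduced_check(a, b, c, r, p=P):
    """Vector relation obtained from the matrix relation AB = C by right-multiplying
    both sides with the challenge r: A(Br) == Cr over F_p. The verifier spends
    O(n*t) field multiplications instead of the O(n*k*t) needed to recompute AB."""
    return mat_vec(a, mat_vec(b, r, p), p) == mat_vec(c, r, p)


def fooling_count(a, b, c, repetitions=1, p=P):
    """Enumerate every tuple of `repetitions` challenge vectors in F_p^t and count how
    many make the reduced check pass. For a false claim C != AB the ratio
    fooled/total is the soundness error of the reduction."""
    t = len(b[0])
    total = fooled = 0
    for rs in itertools.product(itertools.product(range(p), repeat=t), repeat=repetitions):
        total += 1
        if all(reduced_check(a, b, c, list(r), p) for r in rs):
            fooled += 1
    return fooled, total


def demo():
    a = [[1, 2], [3, 4]]                    # constructed witness matrices
    b = [[5, 6], [7, 8]]
    c = mat_mul(a, b)                       # true product, [[5, 1], [1, 1]] mod 7
    c_bad = [row[:] for row in c]
    c_bad[0][0] = (c_bad[0][0] + 1) % P     # one wrong entry: D = C_bad - AB has rank 1
    honest = fooling_count(a, b, c)         # passes for every challenge: (49, 49)
    single = fooling_count(a, b, c_bad)     # fooled iff r in ker(D): p^(t-1) of p^t = (7, 49)
    double = fooling_count(a, b, c_bad, repetitions=2)   # error drops to 1/p^2: (49, 2401)
    return honest, single, double


if __name__ == "__main__":
    for label, (fooled, total) in zip(("honest", "one challenge", "two challenges"), demo()):
        print(f"{label}: {fooled}/{total} challenges pass")
```

The enumeration makes the knowledge-error claim concrete: a single $\mathbb{F}_p$ challenge is fooled by exactly $p^{t-1}$ of the $p^t$ vectors, and independent challenges multiply the error down to $p^{-d}$, which is the improvement the abstract obtains more cheaply by moving the challenge to the extension field.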
Pranav Shriram A, Nishat Koti, Varsha Bhat Kukkala, Arpita Patra, Bhavish Raj Gopal
ePrint Report
Identifying a cluster around a seed node in a graph, termed local clustering, finds use in several applications, including fraud detection, targeted advertising and community detection. However, performing local clustering is challenging when the graph is distributed among multiple data owners, which is further aggravated by the privacy concerns that arise in disclosing their views of the graph. This necessitates designing solutions for privacy-preserving local clustering, which is addressed for the first time in the literature. We propose using the technique of secure multiparty computation (MPC) to achieve this. Our local clustering algorithm is based on the heat kernel PageRank (HKPR) metric, which produces the best-known cluster quality. En route to our final solution, we have two important steps: (i) designing data-oblivious equivalents of the state-of-the-art algorithms for computing local clustering and HKPR values, and (ii) compiling the data-oblivious algorithms into their secure realisation via an MPC framework that supports operations such as multiplication and division over a fixed-point arithmetic representation. Keeping efficiency in mind for large graphs, we choose the best-known honest-majority 3-party framework of SWIFT (Koti et al., USENIX'21) and enhance it with some of the necessary yet missing primitives before using it for our purpose. We benchmark the performance of our secure protocols, and the reported run times showcase their practicality. Further, we perform extensive experiments to evaluate the accuracy loss of our protocols. Compared to their cleartext counterparts, we observe that the results are comparable, which further showcases the practicality of the designed protocols.
Thomas Hanson, Qian Wang, Santosh Ghosh, Fernando Virdia, Anne Reinders, Manoj R. Sastry
ePrint Report
SPHINCS+ was selected as a candidate digital signature scheme for standardization by the NIST Post-Quantum Cryptography Standardization Process. It offers security relying only on the security of cryptographic hash functions. However, it is less efficient than the lattice-based schemes. In this paper, we present an optimized software library for the SPHINCS+ signature scheme which combines the Intel® Secure Hash Algorithm Extensions (SHA-NI) and AVX2 vector instructions. We obtain significant speed-ups of SPHINCS+-128f-simple, offering 128-bit security, over both the non-optimized (70%) and the AVX2 reference implementations (8%-23%).
Stefan Kölbl
ePrint Report
In this note, we discuss using parameter sets for SPHINCS+ which support a smaller number of signatures than the $2^{64}$ target. This includes a larger search through the SPHINCS+ parameter space, comparing it with the current parameter sets and providing data on how the security degrades if one exceeds the limits.
Cas Cremers, Alexander Dax, Aurora Naska
ePrint Report
DMTF is a standards organization formed by major industry players in IT infrastructure, including AMD, Alibaba, Broadcom, Cisco, Dell, Google, Huawei, IBM, Intel, Lenovo, and NVIDIA, which aims to enable interoperability across, e.g., cloud, virtualization, network, server and storage infrastructure. It is currently standardizing a security protocol called SPDM, which aims to secure communication over the wire and to enable device attestation, notably also explicitly catering for communicating hardware components.

The SPDM protocol inherits requirements and design ideas from IETF's TLS 1.3. However, its state machines and transcript handling are substantially different and more complex. While architecture, specification, and open-source libraries of the current versions of SPDM are publicly available, these include no significant security analysis of any kind.

In this work we develop the first formal model of the SPDM protocol, notably of the current version 1.2.1, and formally analyze its main security properties.

14 December 2022

Ottawa, Canada, 3 March -
Event Calendar
Event date: 3 March to
KIT, Institute of Information Security and Dependability (KASTEL), Karlsruhe, Germany
Job Posting
Job description:

You are part of the KASTEL Security Research Labs and conduct research as part of the Cryptography and Security group of the Institute of Information Security and Dependability. You will conduct independent research in the field of cryptography while also guiding PhD students. In addition, you will perform teaching duties.

Personal qualification:

  • You have a university degree (Master or equivalent) in computer science or a directly related field, and have completed an excellent PhD in cryptography.
  • In addition, extensive expertise in a specialist subfield, such as
    • secure multiparty computation,
    • secure computation with trusted hardware, or
    • post-quantum cryptography,
    is required.
  • Your research experience is evidenced by excellent publications at recognized international conferences.
  • Teaching experience is highly desired.
  • Furthermore, an interest in interdisciplinary research is desirable.
  • Personally, you are characterized by an independent, structured way of working and a high degree of reliability.
  • You also bring initiative, strong communication, and teamwork skills.
  • The position requires a good command of the English language.
Start date: April 1, 2023

Contract duration: 2 years

Application up to: January 15, 2023

Closing date for applications:

Contact: Prof. Jörn Müller-Quade (joern.mueller-quade@kit.edu), Dr. Willi Geiselmann (willi.geiselmann@kit.edu)

More information: https://www.pse.kit.edu/english/karriere/joboffer.php?id=91701&new=true

Flensburg University of Applied Sciences
Job Posting
The Department of Computer Science at the Flensburg University of Applied Sciences invites applications for a W2 professorship with appointment commencing in August 2023, or shortly thereafter. We are conducting a targeted search in
  • Internet and computer security
  • distributed and decentralized security (e.g. cloud, blockchain)
  • cryptography
The candidate has a PhD in a relevant field and at least 3 years of working experience outside academia. The committee solicits applications from postdocs, assistant professors, and researchers and engineers from industry.

Interested candidates will kindly include their full CV and transcripts in their applications and send to personal.bewerbungen@hs-flensburg.de. You may also contact Prof. Dr. Sebastian Gajek for details.

Deadline for applications is January 7th, 2023.

We encourage early applications and review of applications will begin immediately. Only shortlisted applications will be notified.

Closing date for applications:

Contact: Sebastian Gajek (sebastian.gajek@hs-flensburg.de)

More information: https://hs-flensburg.de/hochschule/stellenangebote/2022/11/w2-professur-fuer-it-sicherheit-und-internettechnologien-mwd

SnT, University of Luxembourg
Job Posting
We are hiring Ph.D. holders in applied cryptography, information security, privacy and blockchains. The successful candidate will join the CryptoLux team led by Prof. Alex Biryukov. He or she will contribute to a research project "Advanced Cryptography for Finance and Privacy (CryptoFin)", which is funded by FNR. The project is in collaboration with Stanford University and Ethereum Foundation's cryptography teams. Candidates with research interests in one or more of the following areas are welcome to apply:
  • applied or symmetric cryptography
  • cryptofinance, cryptoeconomics, blockchains
  • anonymity and privacy on the Internet
Role: The main responsibility of the successful candidate would be to:
  • Conduct, publish and present research results at conferences
  • Provide guidance to the two Ph.D. students of the project
  • Attract funding in cooperation with academic and industrial partners
Your Profile
  • A Ph.D. degree in Computer Science, Applied Mathematics or a related field
  • Competitive research record in applied cryptography or information security (at least one paper in top 10 IT security/crypto conferences)
  • Strong mathematical and algorithmic CS background, economics/finance - a plus
  • Good skills in programming and scripting languages
  • Fluent written/verbal communication skills in English
We offer a 1+2-year contract and highly competitive salaries; the University of Luxembourg is an equal opportunity employer.

Application: Applications, written in English, should be submitted online and should include:

  • A brief cover letter explaining the candidate's motivation and research interests
  • Curriculum Vitae (including photo, education/research/work, publications, interests, contributions to open-source projects, participation in research competitions, olympiads, CTFs, etc.)
  • Contact information of 3 referees
Deadline for applications: January 15, 2023. Applications will be considered on receipt therefore applying before the deadline is encouraged.

Closing date for applications:

Contact: Prof. Alex Biryukov (e-mail: first name dot family name (at) uni.lu)

More information: https://www.cryptolux.org/index.php/Vacancies

Queen's University Belfast
Job Posting
The School of Electronics, Electrical Engineering & Computer Science (EEECS) at Queen’s University Belfast, is currently seeking to appoint an exceptional candidate to the post of Research Fellow. The successful candidate will conduct research into intrinsic physical unclonable function (PUF) designs for resource-constrained devices, such as approximate computing-based applications. This research is an EPSRC New Investigator Award funded project to develop secure intrinsic PUF designs on a RISC-V platform. The post holder will be based at the Centre of Secure Information Technology (CSIT) at the Institute of Electronics, Communication and Information Technologies (ECIT), Queen’s University Belfast. The post is a critical role, and as such, successful applicants will have responsibilities in independent research, supervision, planning, collaborations, and outreach.

The successful candidate must have, and the application should clearly demonstrate, the following:

  • A 2:1 Honours degree in Electrical and Electronic Engineering/Computer Science/Mathematics (or related discipline).
  • Obtained, or be about to obtain, a PhD in a relevant subject.
  • At least 3 years’ relevant research experience in hardware security, embedded systems design, hardware design and/or hardware/software co-design.
  • Evidence of a strong publication record commensurate with career stage and experience.

Duration: This is a fixed term contract for 30 months, or available until 30/09/2025, whichever is sooner. Fixed term contract posts are available for the stated period in the first instance but in particular circumstances may be renewed or made permanent subject to availability of funding.

Application Deadline: 9 Jan 2023

Application details: https://www.jobs.ac.uk/job/CVV449/research-fellow-in-hardware-security

Closing date for applications:

Contact: Dr. Chongyan Gu (c.gu@qub.ac.uk)

More information: https://www.jobs.ac.uk/job/CVV449/research-fellow-in-hardware-security

University of Central Florida
Job Posting
The Department of Computer Science (CS) and the Department of Mathematics (Math) at the University of Central Florida (UCF) are seeking to fill three full-time, 9-month faculty positions at the rank of assistant professor (tenure-earning), associate professor or professor (tenured) in the area of cyber security and privacy, with concentrations in one of the areas described below. The anticipated start date is August 8, 2023.
  • Area A (Math): Cryptography, applied cryptography, and the intersection of algorithms and cryptography (e.g., quantum cryptography, post-quantum crypto, etc.). One faculty position is anticipated for this area.
  • Area B (Computer Science): Cloud, Edge, and IoT security (e.g., serverless computing, container security, etc.), system software, software supply chain security, and the security of Cyber Physical Systems, etc. Two faculty positions are anticipated for this area.
These positions will be expected to strengthen both the tenure home department (Math or CS, as applicable) and the Cyber Security and Privacy Cluster, and may include a combination of secondary joint appointments. The ideal candidates will be in the rank of assistant professor, but exceptional candidates at the rank of associate professor or professor will be considered. The ideal candidates will have a strong background in the areas listed.

Closing date for applications:

Contact: Questions regarding this search may be directed to Dr. Yan Solihin (yan.solihin@ucf.edu) or Dr. Paul Gazzillo (paul.gazzillo@ucf.edu).

More information: https://ucf.wd1.myworkdayjobs.com/careers/job/Orlando-FL-Main-Campus/Assistant-Professor--Associate-Professor--or-Professor--Cyber-Security-and-Privacy-Areas--Computer-Science-or-Mathematics-_R103069

Helsinki Institute for Information Technology, Helsinki, Finland
Job Posting

The Helsinki Institute for Information Technology (HIIT) invites applications for Postdoctoral Fellows and Research Fellows. HIIT offers a HIIT Postdoctoral Fellow position of up to three years. For more senior candidates, HIIT offers a HIIT Research Fellow position of up to five years. The length of the contract as well as the starting and ending dates are negotiable.

All excellent researchers in any area of ICT can be considered, but priority is given to candidates who support one (or more) of the HIIT strategic focus areas:

  • Artificial Intelligence
  • Computational Health
  • Cybersecurity
  • Data Science
  • Foundations of Computing

The deadline for applications is January 8th, 2023 at 11:59 PM (23:59 UTC+02:00). By applying to this call, organized by Helsinki Institute for Information Technology HIIT, you use one application to apply to positions at both of our hosting institutions, Aalto University and the University of Helsinki. Aalto University and the University of Helsinki are the two leading universities in Finland in computer science and information technology. Both are located in the Helsinki Metropolitan area, and the employing university will be determined by the supervising professor. Aalto University and the University of Helsinki are both committed to fostering an inclusive environment with people from diverse backgrounds, and researchers from underrepresented groups are particularly encouraged to apply.

Closing date for applications:

Contact:

For any question regarding the electronic application system, please contact Maaria Ilanko (firstname.lastname@aalto.fi)

For questions regarding these positions, please contact the HIIT coordinator at coordinator@hiit.fi

More information: https://www.hiit.fi/hiit-postdoctoral-and-research-fellow-positions/

Fortanix
Job Posting

Fortanix is hiring a Sr. Software Engineer, Cryptography. Join a passionate team that will highly appreciate your contributions.

You will
  • Implement and maintain production-ready cryptography code in Rust and C/C++, including post-quantum algorithms and secure cryptography APIs.
  • Analyze state-of-the-art attacks and implement side-channel mitigations.
  • Participate in peer code review and educate colleagues.
  • Help deploy, monitor, and tune the performance of our software.
  • Analyze existing internal and partner security designs.

Requirements: A Master's degree or PhD in Cryptography or a related field, or equivalent training or work experience. Uncompromising integrity, outstanding attention to detail, programming experience.

We can offer: competitive salary, relocation support, 25 holidays and travel expense remuneration.

Closing date for applications:

Contact: francisco.vialprado@fortanix.com

University of Amsterdam
Job Posting
We are seeking two PhD candidates interested in interdisciplinary research on the development, efficient implementation (hardware and software), use, orchestration, and improvement of privacy-preserving and data anonymization techniques.

What are you going to do?

  • Carry out original research in the field of implementation and applications of privacy-preserving technologies for data analytics in healthcare
  • Be active in the fundamental and/or applied research area, publishing in high-level international journals and presenting at leading conferences
  • Take part in ongoing educational activities, such as assisting in a course and guiding student thesis projects, at the BSc or MSc level
  • Collaborate with other groups, institutes and/or companies by contributing expertise to joint research projects
  • Contribute to activities and deliverables of the SECURED Horizon Europe Project

What do you have to offer?

  • An MSc degree in Computer Science, Computer Engineering, or Electrical Engineering (or a related discipline)
  • Strong analytical and technical skills; good problem-solving skills
  • An interdisciplinary mindset and an open and proactive personality in interacting with researchers from different disciplines
  • A strong scientific interest in security and privacy, in particular in at least one of the following two fields:
    • efficient implementation of cryptographic and privacy-preserving primitives, both in hardware and in software
    • application, orchestration, and improvement of privacy-preserving techniques to achieve given data protection objectives
  • The willingness to work in a highly international research team
  • Fluency in oral and written English and good presentation skills
  • Ability to assess practical implementation of privacy-preserving techniques

More information and application form:

https://vacatures.uva.nl/UvA/job/Two-PhD-Positions-on-Efficient-Privacy-preserving-Techniques-for-Data-Analysis-and-Machine/760571702/

Closing date for applications:

Contact: Francesco Regazzoni

More information: https://tinyurl.com/4s4kzwn6

Chen-Da Liu-Zhang, Christian Matt, Søren Eller Thomsen
ePrint Report
Messages in large-scale networks such as blockchain systems are typically disseminated using flooding protocols, in which parties send the message to a random set of peers until it reaches all parties. Optimizing the communication complexity of such protocols and, in particular, the per-party communication complexity is of primary interest since nodes in a network are often subject to bandwidth constraints. Previous flooding protocols incur a communication complexity of $\Omega(l\cdot n \cdot (\log(n) + \kappa))$ bits to disseminate an $l$-bit message among $n$ parties with security parameter $\kappa$. In this work, we present the first flooding protocols with optimal total communication complexity of $O(l\cdot n)$ bits and per-party communication of $O(l)$ bits. We further show how our protocols can be instantiated provably securely in proof-of-stake blockchains. To demonstrate that one of our new protocols is not only asymptotically optimal but also practical, we perform several probabilistic simulations to estimate the concrete complexity for given parameters. Our simulations show that our protocol significantly improves the per-party communication complexity over the state-of-the-art for practical parameters. Hence, for given bandwidth constraints, our results allow one to, e.g., increase the block size, improving the overall throughput of the blockchain.
Michael Walter
ePrint Report
The recent work of Chaturvedi et al. (ePrint 2022/685) claims to observe leakage of secret information from a ciphertext of TFHE through a timing side channel on the (untrusted) server. In (Chaturvedi et al., ePrint 2022/1563) this is combined with an active attack against TFHE and FHEW. The claims in (Chaturvedi et al., ePrint 2022/685) about non-trivial leakage from a ciphertext would have far-reaching implications, since the server does not have any secret inputs. In particular, this would mean a weakening of LWE in general, since an adversary could always simulate a server on which there is side-channel leakage.

In this short note, we show that the claims made in the two aforementioned works with regard to the leakage through the timing side channel are false. We demonstrate that the active attack, a standard attack against IND-CPA secure LWE-based encryption, can be mounted just as efficiently without the "side channel information".

13 December 2022

Giulia Scaffino, Lukas Aumayr, Zeta Avarikioti, Matteo Maffei
ePrint Report
Cross-chain communication is instrumental in unleashing the full potential of blockchain technologies, as it allows users and developers to exploit the unique design features and the profit opportunities of different existing blockchains. Solutions based on trusted third parties (TTPs) suffer from security and scalability drawbacks; hence, increasing attention has recently been given to decentralized solutions. Lock contracts (e.g., HTLCs and adaptor signatures) and chain relays emerged as the two most prominent attempts to achieve cross-chain communication without TTPs. Lock contracts enable efficient synchronization of single transactions over different chains but are limited in expressiveness as they only support the development of a restricted class of applications (e.g., atomic swaps). On the other hand, chain relays enable the development of arbitrary cross-chain applications but are extremely expensive to operate in practice because they need to synchronize every on-chain transaction, besides assuming a quasi Turing-complete scripting language, which makes them incompatible with Bitcoin-based and scriptless blockchains.

We introduce Glimpse, a novel on-demand cross-chain synchronization primitive, which is both efficient in terms of on-chain costs and computational overhead, and expressive in terms of the applications it supports. The key idea of Glimpse is to synchronize transactions on demand, i.e., only those relevant to realize the cross-chain application of interest. We present a concrete instantiation which is compatible with blockchains featuring a limited scripting language (e.g., Bitcoin-based chains like Liquid), and, yet, can be used as a building block for the design of DeFi applications such as lending, pegs, wrapping/unwrapping of tokens, Proof-of-Burn, and verification of multiple oracle attestations. We formally define and prove Glimpse security in the Universal Composability (UC) framework and conduct an economic security analysis to identify the secure parameter space in the rational setting. Finally, we evaluate the cost of Glimpse for Bitcoin-like chains, showing that verifying a simple transaction has at most 700 bytes of on-chain overhead, resulting in a one-time fee of 3 USD, only twice as much as a basic Bitcoin transaction.
Endres Puschner, Thorben Moos, Steffen Becker, Christian Kison, Amir Moradi, Christof Paar
ePrint Report
Verifying the absence of maliciously inserted Trojans in ICs is a crucial task – especially for security-enabled products. Depending on the concrete threat model, different techniques can be applied for this purpose. Assuming that the original IC layout is benign and free of backdoors, the primary security threats are usually identified as the outsourced manufacturing and transportation. To ensure the absence of Trojans in commissioned chips, one straightforward solution is to compare the received semiconductor devices to the design files that were initially submitted to the foundry. Clearly, conducting such a comparison requires advanced laboratory equipment and qualified experts. Nevertheless, the fundamental techniques to detect Trojans which require evident changes to the silicon layout are nowadays well understood. Despite this, there is a glaring lack of public case studies describing the process in its entirety while making the underlying datasets publicly available. In this work, we aim to improve upon this state of the art by presenting a public and open hardware Trojan detection case study based on four different digital ICs using a Red Team vs. Blue Team approach. Here, the Red Team creates small changes acting as surrogates for inserted Trojans in the layouts of 90 nm, 65 nm, 40 nm, and 28 nm ICs. The quest of the Blue Team is to detect all differences between digital layout and manufactured device by means of a GDSII–vs–SEM-image comparison. Can the Blue Team perform this task efficiently? Our results spark optimism for the Trojan seekers and answer common questions about the efficiency of such techniques for relevant IC sizes. Further, they allow us to draw conclusions about the impact of technology scaling on the detection performance.