International Association
for Cryptologic Research

Non-committing encryption (NCE) is an advanced form of public-key encryption which guarantees the security of a Multi-Party Computation (MPC) protocol in the presence of an adaptive adversary. Brakerski et al. (TCC 2020) recently proposed an intermediate notion, termed Packed Encryption with Partial Equivocality (PEPE), which implies NCE and preserves the ciphertext rate (up to a constant factor). In this work, we propose three new constructions of rate-1 PEPE based on standard assumptions. In particular, we obtain the first constant ciphertext-rate NCE construction from the LWE assumption with polynomial modulus, and from the Subgroup Decision assumption. We also propose an alternative DDH-based construction with guaranteed polynomial running time.

Messaging Layer Security (MLS), currently undergoing standardization at the IETF, is an asynchronous group messaging protocol that aims to be efficient for large dynamic groups, while providing strong guarantees like forward secrecy (FS) and post-compromise security (PCS). While prior work on MLS has extensively studied its group key establishment component (called TreeKEM), many flaws in early designs of MLS have stemmed from its group integrity and authentication mechanisms that are not as well-understood. In this work, we identify and formalize TreeSync: a sub-protocol of MLS that specifies the shared group state, defines group management operations, and ensures consistency, integrity, and authentication for the group state across all members.

We present a precise, executable, machine-checked formal specification of TreeSync, and show how it can be composed with other components to implement the full MLS protocol. Our specification is written in F* and serves as a reference implementation of MLS; it passes the RFC test vectors and is interoperable with other MLS implementations. Using the DY* symbolic protocol analysis framework, we formalize and prove the integrity and authentication guarantees of TreeSync, under minimal security assumptions on the rest of MLS. Our analysis identifies a new attack and we propose several changes that have been incorporated in the latest MLS draft. Ours is the first testable, machine-checked, formal specification for MLS, and should be of interest to both developers and researchers interested in this upcoming standard.

The Simeck family of lightweight block ciphers was proposed by Yang et al. in 2015, which combines the design features of the NSA-designed block ciphers Simon and Speck. Linear cryptanalysis using super-rounds was proposed by Almukhlifi and Vora to increase the efficiency of implementing Matsui’s second algorithm and achieved good results on all variants of Simon. The improved linear attacks result from the observation that, after four rounds of encryption, one bit of the left half of the state of the cipher depends on only 17 key bits (19 key bits for the larger variants of the cipher). Furthermore, due to the similarity between the design of Simon and Simeck, we were able to follow the same attack model and present improved linear attacks against all variants of Simeck. In this paper, we present attacks on 19-rounds of Simeck 32/64, 28-rounds of Simeck 48/96, and 33-rounds of Simeck 64/128, often with the direct recovery of the full master key without repeating the attack over multiple rounds. We also verified the results of linear cryptanalysis on 8, 10, and 12 rounds for Simeck 32/64.

We introduce the Merkle Tree Ladder (MTL) mode of operation for signature schemes. MTL mode signs messages using an underlying signature scheme in such a way that the resulting signatures are condensable: a set of MTL mode signatures can be conveyed from a signer to a verifier in fewer bits than if the MTL mode signatures were sent individually. In MTL mode, the signer sends a shorter condensed signature for each message of interest and occasionally provides a longer reference value that helps the verifier process the condensed signatures. We show that in a practical scenario involving random access to an initial series of 10,000 signatures that expands gradually over time, MTL mode can reduce the size impact of the NIST PQC signature algorithms, which have signature sizes of 666 to 7856 bytes with example parameter sets, to a condensed signature size of 472 bytes per message. Even adding the overhead of the reference values, MTL mode signatures still reduce the overall signature size impact under a range of operational assumptions. Because MTL mode itself is quantum-safe, the mode can support long-term cryptographic resiliency in applications where signature size impact is a concern without limiting cryptographic diversity only to algorithms whose signatures are naturally short.

Custodial secret management services provide a convenient centralized user experience, portability, and emergency recovery for users who cannot reliably remember or store their own credentials and cryptographic keys. Unfortunately, these benefits are only available when users compromise the security of their secrets and entrust them to a third party. This makes custodial secret management service providers ripe targets for exploitation, and exposes valuable and sensitive data to data leaks, insider attacks, and password cracking, among other dangers. Several password managers and cryptocurrency wallets today utilize non-custodial solutions, where their users are in charge of a high-entropy secret, such as a cryptographic secret key or a long passphrase, that controls access to their data. One can argue that these solutions have a stronger security model, as the service provider no longer constitutes a single point of trust. However, the obvious downside is that it is very difficult for people to store cryptographic secrets reliably, making emergency recovery a serious problem. We present Acsesor: a new framework for auditable custodial secret management with decentralized trust. Our framework offers a middle-ground between a fully custodial (centralized) and fully non-custodial (user-managed/distributed) recovery system: it enhances custodial recovery systems with cryptographically assured access monitoring and a distributed trust assumption. In particular, the Acsesor framework distributes the recovery process across a set of (user-chosen) guardians. However, the user is never required to interact directly with the guardians during recovery, which allows us to retain the high usability of centralized custodial solutions. Additionally, Acsesor retains the strong resilience guarantees that custodial systems provide against fraud attacks. Finally, by allowing the guardians to implement flexible user-chosen response policies, Acsesor can address a broad range of problem scenarios in classical secret management solutions. For example, a slow recovery policy, where the guardians wait for a predefined time until responding, can replace the cumbersome passphrases many cryptocurrency wallets implement today for emergency recovery. We also instantiate the Acsesor framework with a base protocol built of standard primitives: standard encryption schemes and privacy-preserving transparency ledgers. Our construction requires no persistent storage from its users and supports an expansive array of configuration options and extensions.

In data-intensive private computing applications various relations appear as or can be reduced to various matrix relations. In this paper we investigate two problems related to constructing the zero-knowledge argument (ZKA) protocols for matrix relations. In the first part, we establish the ZKA for some bilinear matrix relations over Fp. The relations in consideration include (1) general forms of bilinear relations with two witness matrices and some most important special cases. (2) some special forms of bilinear relations with three or four witness matrices. (3) eigenvalue relation. In private computing tasks various important relations are instances or special cases of these relations, e.g., matrix multiplicative relation, inverse relation, similarity relation, some structure decomposition relation and some isomorphic relations for lattices and graphs, etc. Instead of applying the general linearization approach to dealing with these non-linear relations, our approach is matrix-specific. The matrix equation is treated as a tensor identity and probabilistic-equivalent reduction techniques (amortization) are widely applied to reduce non-linear matrix relations to vector nonlinear relations. With the author’s knowledge, currently there are no other systematic works on ZKA for nonlinear matrix relations. Our approach significantly outperforms the general linearization approach in all important performances, e.g., for n-by-t matrix witnesses the required size of c.r.s (only used as the public-key for commitment) can be compressed by 2t times; when n>>t or t>>n the number of rounds, group and field elements in messages are all decreased by ~1/2; when n~t (e.g., square witnesses) they are all decreased by ~1/3. In the second part, we enhance knowledge-soundness of ZKA for the linear matrix relation over the ground field Fp. By treating the matrix in F_p^(n×td) as a nt-dimensional vector over the d-th extended field over Fp and applying appropriate reductions, we decrease the knowledge-error of the original ZKA over Fp from O(1/p) down to O(1/p^d). This is comparable to the general parallel repetition approach which improves knowledge-error to the same degree, but our approach (matrix-specific) at the same time significantly improves other performances, e.g., smaller-sized c.r.s., fewer rounds and shorter messages.

Identifying a cluster around a seed node in a graph, termed local clustering, finds use in several applications, including fraud detection, targeted advertising, community detection, etc. However, performing local clustering is challenging when the graph is distributed among multiple data owners, which is further aggravated by the privacy concerns that arise in disclosing their view of the graph. This necessitates designing solutions for privacy-preserving local clustering and is addressed for the first time in the literature. We propose using the technique of secure multiparty computation (MPC) to achieve the same. Our local clustering algorithm is based on the heat kernel PageRank (HKPR) metric, which produces the best-known cluster quality. En route to our final solution, we have two important steps: (i) designing data-oblivious equivalent of the state-of-the-art algorithms for computing local clustering and HKPR values, and (ii) compiling the data-oblivious algorithms into its secure realisation via an MPC framework that supports operations over fixed-point arithmetic representation such as multiplication and division. Keeping efficiency in mind for large graphs, we choose the best-known honest-majority 3-party framework of SWIFT (Koti et al., USENIX'21) and enhance it with some of the necessary yet missing primitives, before using it for our purpose. We benchmark the performance of our secure protocols, and the reported run time showcases the practicality of the same. Further, we perform extensive experiments to evaluate the accuracy loss of our protocols. Compared to their cleartext counterparts, we observe that the results are comparable and thus showcase the practicality of the designed protocols.

SPHINCS+ was selected as a candidate digital signature scheme for standardization by the NIST Post-Quantum Cryptography Standardization Process. It offers security capabilities relying only on the security of cryptographic hash functions. However, it is less efficient than the lattice-based schemes. In this paper, we present an optimized software library for the SPHINCS+ signature scheme, which combines the Intel® Secure Hash Algorithm Extensions (SHA-NI) and AVX2 vector instructions. We obtain significant speed-up of SPHINCS+-128f-simple on both non-optimized (70%) and AVX2 reference implementations (8% -23%) offering 128-bit security.

In this note, we discuss using parameter sets for SPHINCS+ which support a smaller number of signatures than the $2^{64}$ target. This includes a larger search through the SPHINCS+ parameter space, comparing it with the current parameter sets and providing data on how the security degrades if one exceeds the limits.

DMTF is a standards organization by major industry players in IT infrastructure including AMD, Alibaba, Broadcom, Cisco, Dell, Google, Huawei, IBM, Intel, Lenovo, and NVIDIA, which aims to enable interoperability, e.g., including cloud, virtualization, network, servers and storage. It is currently standardizing a security protocol called SPDM, which aims to secure communication over the wire and to enable device attestation, notably also explicitly catering for communicating hardware components.

The SPDM protocol inherits requirements and design ideas from IETF's TLS 1.3. However, its state machines and transcript handling are substantially different and more complex. While architecture, specification, and open-source libraries of the current versions of SPDM are publicly available, these include no significant security analysis of any kind.

In this work we develop the first formal model of the SPDM protocol, notably of the current version 1.2.1, and formally analyze its main security properties.

Event date: 3 March to

Job description:

You are part of the KASTEL Security Research Labs and conduct research as part of the Cryptography and Security group of the Institute of Information Security and Dependability. You will conduct independent research in the field of cryptography while also guiding PhD students. In addition, you will perform teaching duties.

Personal qualification:

• You have a university degree (Master or equivalent) in computer science or a directly related field, and have completed an excellent PhD in cryptography.
• In addition, extensive expertise in a specialist subfield, such as
  • secure multiparty computation,
  • secure computation with trusted hardware, or
  • post-quantum cryptography,
  is required.
• Your research experience is evidenced by excellent publications at recognized international conferences.
• Teaching experience is highly desired.
• Furthermore, an interest in interdisciplinary research is desirable.
• Personally, you are characterized by an independent, structured way of working and a high degree of reliability.
• You also bring initiative, strong communication, and teamwork skills.
• The position requires a good command of the English language.

Start date: April 1, 2023

Contract duration: 2 years

Application up to: January 15, 2023

Closing date for applications:

Contact: Prof. Jörn Müller-Quade (joern.mueller-quade@kit.edu), Dr. Willi Geiselmann (willi.geiselmann@kit.edu)

More information: https://www.pse.kit.edu/english/karriere/joboffer.php?id=91701&new=true

The Department of Computer Science at the Flensburg University for Applied Sciences invites applications for a W2 professosrhip with appointment commencing on August, 2023, or shortly thereafter. We are conducting a targeted search in

• Internet and computer security
• distributed and decentralized security (e.g. cloud, blockchain)
• cryptography

The candidate has a PhD in a relevant field and at least 3 years working experience outside the academia. The committee solcites applications form PostDocs, assistant profs, research&engineers from the industry.

Interested candidates will kindly include their full CV and transcripts in their applications and send to personal.bewerbungen@hs-flensburg.de. You may also contact Prof. Dr. Sebastian Gajek for details.

Deadline for applications is January 7th, 2023.

We encourage early applications and review of applications will begin immediately. Only shortlisted applications will be notified.

Closing date for applications:

Contact: Sebastian Gajek (sebastian.gajek@hs-flensburg.de)

More information: https://hs-flensburg.de/hochschule/stellenangebote/2022/11/w2-professur-fuer-it-sicherheit-und-internettechnologien-mwd

We are hiring Ph.D. holders in applied cryptography, information security, privacy and blockchains. The successful candidate will join the CryptoLux team led by Prof. Alex Biryukov. He or she will contribute to a research project "Advanced Cryptography for Finance and Privacy (CryptoFin)", which is funded by FNR. The project is in collaboration with Stanford University and Ethereum Foundation's cryptography teams. Candidates with research interests in one or more of the following areas are welcome to apply:

• applied or symmetric cryptography
• cryptofinance, cryptoeconomics, blockchains
• anonymity and privacy on the Internet

Role The main responsibility of the successful candidate would be to:

• Conduct, publish and present research results at conferences
• Provide guidance to the two Ph.D. students of the project
• Attract funding in cooperation with academic and industrial partners

Your Profile

• A Ph.D. degree in Computer Science, Applied Mathematics or a related field
• Competitive research record in applied cryptography or information security (at least one paper in top 10 IT security/crypto conferences)
• Strong mathematical and algorithmic CS background, economics/finance - a plus
• Good skills in programming and scripting languages
• Fluent written/verbal communication skills in English

We offer a 1+2-year contract, highly competitive salaries and is an equal opportunity employer.

Application Applications, written in English, should be submitted online and should include:

• A brief cover letter explaining the candidate's motivation and research interests
• Curriculum Vitae (including photo, education/research/work, publications, interests, contributions to open-source projects, participation in research competitions, olympiads, CTFs, etc.)
• Contact information of 3 referees

Deadline for applications: January 15, 2023. Applications will be considered on receipt therefore applying before the deadline is encouraged.

Closing date for applications:

Contact: Prof. Alex Biryukov (e-mail: first name dot family name (at) uni.lu)

More information: https://www.cryptolux.org/index.php/Vacancies

The School of Electronics, Electrical Engineering & Computer Science (EEECS) at Queen’s University Belfast, is currently seeking to appoint an exceptional candidate to the post of Research Fellow. The successful candidate will conduct research into intrinsic physical unclonable function (PUF) designs for resource-constrained devices, such as approximate computing-based applications. This research is an EPSRC New Investigator Award funded project to develop secure intrinsic PUF designs on a RISC-V platform. The post holder will be based at the Centre of Secure Information Technology (CSIT) at the Institute of Electronics, Communication and Information Technologies (ECIT), Queen’s University Belfast. The post is a critical role, and as such, successful applicants will have responsibilities in independent research, supervision, planning, collaborations, and outreach.

The successful candidate must have, and your application should clearly demonstrate you have:

A 2:1 Honours degree in Electrical and Electronic Engineering/Computer Science/Mathematics (or related discipline).

Obtained, or be about to obtain, a PhD in a relevant subject.

At least 3 years’ relevant research experience in hardware security, embedded systems design, hardware design and/or hardware/software co-design.

Evidence of a strong publication record commensurate with career stage and experience.

Duration: This is a fixed term contact for 30 months, or available until 30/09/2025, whichever is sooner. Fixed term contract posts are available for the stated period in the first instance but in particular circumstances may be renewed or made permanent subject to availability of funding.

Application Deadline: 9 Jan 2023

Application details: https://www.jobs.ac.uk/job/CVV449/research-fellow-in-hardware-security

Closing date for applications:

Contact: Dr. Chongyan Gu (c.gu@qub.ac.uk)

More information: https://www.jobs.ac.uk/job/CVV449/research-fellow-in-hardware-security

The Department of Computer Science (CS) and the Department of Mathematics (Math) at the University of Central Florida (UCF) are seeking three full-time, 9-month faculty positions at the rank of assistant professor (tenure-earning), associate professor or professor (tenured) in the area of cyber security and privacy, with concentrations in one of the areas described below. The anticipated start date is August 8, 2023. • Area A (Math): Cryptography, applied cryptography, and intersection of algorithm and cryptography (e.g., quantum cryptography, post-quantum crypto, etc.). One faculty position is anticipated for this area. • Area B (Computer Science): Cloud, Edge, and IoT security (e.g., serverless computing, container security, etc.), system software, software supply chain security, and the security of Cyber Physical System, etc. Two faculty positions are anticipated for this area. These positions will be expected to strengthen both the tenure home department (Math or CS, as applicable), as well as the Cyber Security and Privacy Cluster and may include a combination of secondary joint appointments. The ideal candidates will be in the rank of assistant professor, but exceptional candidates at the rank of associate professor or professor will be considered. The ideal candidates will have a strong background in the areas listed.

Closing date for applications:

Contact: Questions regarding this search may be directed to Dr. Yan Solihin (yan.solihin@ucf.edu) or Dr. Paul Gazzillo (paul.gazzillo@ucf.edu).

More information: https://ucf.wd1.myworkdayjobs.com/careers/job/Orlando-FL-Main-Campus/Assistant-Professor--Associate-Professor--or-Professor--Cyber-Security-and-Privacy-Areas--Computer-Science-or-Mathematics-_R103069

The Helsinki Institute for Information Technology (HIIT) invites applications for Postdoctoral Fellows and Research Fellows. HIIT offers a HIIT Postdoctoral Fellow position up to three years. For more senior candidates, HIIT offers a HIIT Research Fellow position up to five years. The length of the contract as well as the starting and ending dates are negotiable.

All excellent researchers in any area of ICT can be considered, but priority is given to candidates who support one (or more) of the HIIT strategic focus areas:

• Artificial Intelligence
• Computational Health
• Cybersecurity
• Data Science
• Foundations of Computing

The deadline for applications is January 8th, 2023 at 11:59 PM (23:59 UTC+02:00). By applying to this call, organized by Helsinki Institute for Information Technology HIIT, you use one application to apply to positions for both of our hosting institutions, Aalto University and the University of Helsinki. Aalto University and the University of Helsinki are the two leading universities in Finland in computer science and information technology. Both are located in the Helsinki Metropolitan area, and the employing university will be determined by the supervising professor. Aalto University and the University of Helsinki are both committed to fostering an inclusive environment with people from diverse backgrounds, and researchers from underrepresented groups are particularly encouraged to apply.

Closing date for applications:

Contact:

For any question regarding the electronic application system, please contact Maaria Ilanko (firstname.lastname@aalto.fi)

For questions regarding these positions, please contact the HIIT coordinator at coordinator@hiit.fi

More information: https://www.hiit.fi/hiit-postdoctoral-and-research-fellow-positions/

Fortanix is hiring a Sr. Software Engineer, Cryptography. Join a passionate team that will highly appreciate your contributions.

You will

• Implement and maintain production-ready cryptography code in Rust and C/C++, including post-quantum algorithms and secure cryptography APIs.
• Analyze state-of-the-art attacks and implement side-channel mitigations.
• Participate in peer code review, educate.
• Help deploy, monitor, and tune the performance of our software.
• Analyze existing internal and partner security designs.

Requirements: A Master's degree or PhD in Cryptography or a related field, or equivalent training or work experience. Uncompromising integrity, outstanding attention to detail, programming experience.

We can offer: competitive salary, relocation support, 25 holidays and travel expense remuneration.

Closing date for applications:

Contact: francisco.vialprado@fortanix.com

We are seeking two PhD candidates interested in interdisciplinary research on the development, efficient implementation (hardware and software), use, orchestration, and improvement of privacy-preserving and data anonymization techniques.

What are you going to do?

• Carry out original research in the field of implementation and applications of privacy preserving technologies for data analytics in healthcare
• Be active in the fundamental and/or applied research area, publishing in high level international journals and presenting at leading conferences
• Take part in ongoing educational activities, such as assisting in a course and guiding student thesis projects, at the BSc or MSc level
• Collaborate with other groups, institutes and/or companies by contributing expertise to joint research projects
• Contribute to activities and deliverables of the SECURED Horizon Europe Project

What do you have to offer?

• An MSc degree in Computer Science, Computer Engineering, or Electrical Engineering (or a related discipline)
• Strong analytical and technical skills; Good problem-solving skills
• An interdisciplinary mindset and an open and proactive personality in interacting with researchers from different disciplines
• A strong scientific interest in security and privacy, in particular in at least one of the following two fields:
• efficient implementation of cryptographic and privacy preserving primitives, both in hardware and in software
• application, orchestration, and improvement of privacy-preserving techniques to achieve given data protection objectives
• The willingness to work in a highly international research team;
• Fluency in oral and written English and good presentation skills
• Ability to assess practical implementation of privacy preserving techniques

More information and application form:

https://vacatures.uva.nl/UvA/job/Two-PhD-Positions-on-Efficient-Privacy-preserving-Techniques-for-Data-Analysis-and-Machine/760571702/

Closing date for applications:

Contact: Francesco Regazzoni

More information: https://tinyurl.com/4s4kzwn6

Messages in large-scale networks such as blockchain systems are typically disseminated using flooding protocols, in which parties send the message to a random set of peers until it reaches all parties. Optimizing the communication complexity of such protocols and, in particular, the per-party communication complexity is of primary interest since nodes in a network are often subject to bandwidth constraints. Previous flooding protocols incur a communication complexity of $\Omega(l\cdot n \cdot (\log(n) + \kappa))$ bits to disseminate an $l$-bit message among $n$ parties with security parameter $\kappa$. In this work, we present the first flooding protocols with optimal total communication complexity of $O(l\cdot n)$ bits and per-party communication of $O(l)$ bits. We further show how our protocols can be instantiated provably securely in proof-of-stake blockchains. To demonstrate that one of our new protocols is not only asymptotically optimal but also practical, we perform several probabilistic simulations to estimate the concrete complexity for given parameters. Our simulations show that our protocol significantly improves the per-party communication complexity over the state-of-the-art for practical parameters. Hence, for given bandwidth constraints, our results allow to, e.g., increase the block size, improving the overall throughput of the blockchain.