International Association for Cryptologic Research

IACR News

13 January 2023

CISPA Helmholtz Center for Information Security
Job Posting
Michael Backes (https://cispa.de/en/people/backes) and Yang Zhang (https://yangzhangalmo.github.io/) at CISPA Helmholtz Center for Information Security (https://cispa.de/en) are looking for multiple fully-funded Ph.D. students and Post-Docs working on
  • Trustworthy machine learning
  • Online misinformation
CISPA is one of the world-leading research institutes concentrating on information security and privacy. It is consistently ranked first in the field worldwide, see, e.g., CSrankings.org (http://csrankings.org/#/index?sec&world). Located in Saarbruecken, Germany, CISPA is the newest member of the Helmholtz Association (https://www.helmholtz.de/en/), the largest scientific organization in Germany, fully committed to scientific excellence and to tackling the grand research challenges in its respective fields. The working language of CISPA is English and knowledge of German is not required.

Requirements:
  • A bachelor/master degree in Computer Science, Information Security, or Mathematics
  • Excellent English (knowledge of German is not required)
  • Excellent programming skills
  • Good knowledge about machine learning/data mining
What we offer:
  • Full-time working contract (12-month E13-level salary, ~2,500 euros per month)
  • Excellent research environment
  • Strong supervision
  • World-class collaborations
To apply, please send your CV to Yang Zhang (zhang@cispa.de)

Closing date for applications:

Contact: Yang Zhang

University of Amsterdam, Amsterdam, The Netherlands
Job Posting
The Complex Cyber Infrastructure (CCI) group of the University of Amsterdam is looking for an ambitious researcher in the broad area of security and privacy, to further strengthen our research and education in this field. Depending on qualifications and experience, the new colleague will be employed either as Assistant Professor or as Associate Professor.

Closing date for applications:

Contact: Zoltan Mann (z.a.mann at uva.nl)

More information: https://vacatures.uva.nl/UvA/job/Assistant-or-Associate-Professor-in-Security-and-Privacy/761330802/

University of Innsbruck, Austria, EU
Job Posting

The University of Innsbruck, located in the heart of the alps, has a tenure track opportunity in the field of cryptography.

The Department of Computer Science is looking for an ambitious researcher to build a bridge between the interdisciplinary approach taken by its Security & Privacy Lab and theoretical research groups, like Computational Logic and Theoretical Computer Science. Research activities would focus on producing evidence on the security or privacy of cryptographic systems covering theory and/or implementation. The individual should be comfortable teaching multiple approaches to cryptography. The ideal candidate would build a research group on cryptography in the course of the tenure process, the details of which are negotiated in the first year of employment as routinely done in the Austrian academic system.

Tyrol, Austria is one of the most livable places in Europe with world-class healthcare, excellent social security, and free education from kindergarten to university.

Applications are due on 7 March 2023. Follow the link below for more details.

Closing date for applications:

Contact: Rainer Böhme -- rainer.boehme at uibk.ac.at

More information: https://informationsecurity.uibk.ac.at/pdfs/vacancy_cryptography_2023.pdf

Agentur für Innovation in der Cybersicherheit "Innovation for Cybersecurity"
Job Posting
We are looking for a German-speaking

Head of Cryptology Unit (m/f/d)

in the middle of Germany starting at the earliest possible date.

The most important resource of the Cyberagentur is its satisfied, motivated and hard-working employees. Our goal is to offer an inspiring and creative environment in a great team. Our mission is to identify tomorrow’s topics in cyber security and related key technologies. We fund and supervise exciting and outstanding research projects. By doing so, we support Germany’s future technological leadership as well as the nation’s digital sovereignty.

Modern cryptographic methods are essential building blocks of the cyber security for tomorrow and beyond. At the Cyberagentur, you will work on current topics such as encrypted computing, zero trust and holistic authentication. With your team, you will accompany attractive calls for tenders in the field of cryptology research, be an essential part of the evaluation of research projects, and accompany commissioned research projects from initiation to completion, thus ensuring the quality and usability of the results. Internally, you will contribute to our knowledge management in this domain. Furthermore, you will take appropriate measures to ensure that Germany remains an attractive location for research in cryptology.

Have we aroused your interest? Then apply now!

You can find the exact details of the position in German on our career page.

Closing date for applications:

Contact: Matthias Strauß

Head of HR

More information: https://app.connectoor.de/jobview?jobid=62d93ff0ddb2330e1d8b456e

Agentur für Innovation in der Cybersicherheit "Innovation for Cybersecurity"
Job Posting
We are looking for a German-speaking

Research Officer Cryptology (m/f/d)

in the middle of Germany starting at the earliest possible date.

The most important resource of the Cyberagentur is its satisfied, motivated and hard-working employees. Our goal is to offer an inspiring and creative environment in a great team. Our mission is to identify tomorrow’s topics in cyber security and related key technologies. We fund and supervise exciting and outstanding research projects. By doing so, we support Germany’s future technological leadership as well as the nation’s digital sovereignty.

Modern cryptographic methods are essential building blocks of the cyber security for tomorrow and beyond. At the Cyberagentur, you will work on current topics such as encrypted computing, zero trust and holistic authentication. With your team, you will accompany attractive calls for tenders in the field of cryptology research, be an essential part of the evaluation of research projects, and accompany commissioned research projects from initiation to completion, thus ensuring the quality and usability of the results. Internally, you will contribute to our knowledge management in this domain. Furthermore, you will take appropriate measures to ensure that Germany remains an attractive location for research in cryptology.

Have we aroused your interest? Then apply now!

You can find the details of the position in German on our career page.

Closing date for applications:

Contact: Matthias Strauß

Head of HR

More information: https://app.connectoor.de/jobview?jobid=62d506deddb233fc338b4579

Northern Arizona University, School of Informatics Computing and Cyber Systems; Flagstaff, AZ
Job Posting
Assistant Professor - Cyber Security

Job Description
The School of Informatics Computing and Cyber Systems at Northern Arizona University seeks a Tenure Track faculty member in the discipline of Cyber Security, with specialization in cryptography, blockchains, or related software-based cybersecurity areas. This faculty member will teach undergraduate and graduate courses in cybersecurity and related computer science topics along with special topics in their area of research expertise, will mentor MS and PhD students, and should demonstrate a commitment to Diversity, Equity, Inclusion and Justice (DEIJ) through their research and scholastic activities. This faculty member will have the opportunity to closely collaborate within SICCS with world-class researchers studying informatics, data science, ecology, health, cybersecurity, autonomous vehicles, remote sensing, power systems, networks, and sensors, among other topics. SICCS and NAU have robust hardware- and software-based cybersecurity research programs, providing substantial collaborative opportunities. The State of Arizona is a world-class hub for the software industry, with many opportunities for industry engagement in the region.

Minimum Qualifications
Minimum qualifications include an earned doctoral (Ph.D. or Sc.D.) degree in Computer Science, Cybersecurity or a closely related area before the appointment.

Salary
Commensurate with experience.

Submission Deadline
This vacancy will be open until filled or closed. Review of applications will begin on January 19, 2023.

Equal Employment Opportunity
Northern Arizona University is a committed Equal Opportunity/Affirmative Action Institution. Women, minorities, veterans and individuals with disabilities are encouraged to apply. NAU is responsive to the needs of dual career couples.

For more information, and to apply, please visit: https://apptrkr.com/3778561

Closing date for applications:

Contact: Human Resources

More information: https://apptrkr.com/3778561

QuSoft / University of Amsterdam & CWI
Job Posting
Are you excited about fundamental questions in quantum information science? Would you like to join the world-leading group of researchers at QuSoft in Amsterdam? We have various open positions for fully funded PhD and PostDoc candidates in the groups of:
  • Stacey Jeffery (quantum computing and theoretical computer science);
  • Ludovico Lami (quantum resources and entanglement theory);
  • John van de Wetering (quantum circuit compilation);
  • Christian Schaffner (key management in quantum networks, quantum-safe cryptography)

Applications received by 15 January 2023 will receive full consideration. For full details on the positions and how to apply, see

  • https://vacatures.uva.nl/UvA/job/QuSoft-PhD/761215402/
  • https://vacatures.uva.nl/UvA/job/PhD-in-Quantum-Safe-Cryptography/748964602/
  • https://vacatures.uva.nl/UvA/job/QuSoft-PostDoc/761748202/

PhD: your salary will range from €2,541 gross per month in the first year to €3,247 gross per month in the last year of employment. A Master’s degree is required. PostDoc: your salary will range between €2,960 and €4,670 gross per month, depending on relevant experience.

In either case, these figures are based on a full working week of 38 hours. They do not include the 8% holiday allowance and the 8.3% year-end allowance the UvA offers. A favourable tax agreement, the ‘30% ruling’, may apply to non-Dutch applicants.

Closing date for applications:

Contact: Christian Schaffner

More information: https://qusoft.org/qusoft-vacancies/

Visa Research, Palo Alto CA
Job Posting
Visa Research is a growing group within Visa, located in Palo Alto. The team itself is highly collaborative, working together not only on projects and research but also known to go hiking and have lunch together.

Currently, we focus on building research teams in key areas: Data Analytics, Cryptography, Future of Payment (Blockchain), and Artificial Intelligence. We are looking for outstanding research interns as part of the growing team!

Visa Research’s goal of security is to enable policy-enforced, full lifecycle protection for data at rest, in transit and during computation for all payment-related scenarios. We accomplish this through fundamental and applied research in the areas of security and cryptography.

The internship will focus on developing new and impactful research in the chosen area. You will work closely with our team members to define and solve a state-of-the-art research problem. In most cases, the final deliverable will be a research publication at a top-tier conference. Candidates should have a strong publication record and be able to perform research in both a group and self-guided setting.

Specific areas of interest include, but are not limited to:
  • Secure Multiparty Computation
  • Post-Quantum Cryptography
  • Quantum Cryptography
  • Zero-Knowledge Proofs
  • Blockchain & Consensus Protocols

Closing date for applications:

Contact: Peter Rindal perindal@visa.com

More information: https://jobs.smartrecruiters.com/Visa/743999874588501-intern-visa-research-phd-

Queen's University Belfast, Electrical and Electronic engineering
Job Posting
Applications are invited for a PhD project "Secure multi-tenant and federated satellite system". The full-time doctoral candidate will develop the novel computer architecture required to support the security protocols proposed and/or standardized by CCSDS and will also propose new protocols. The student will also work on software-defined satellite networking to enable programmability and reconfigurability of the system. The work will involve the design of a novel computer architecture and/or a novel operating system and/or a novel multiparty security protocol.

Closing date for applications:

Contact: Dr Arnab Kumar Biswas

More information: https://www.qub.ac.uk/courses/postgraduate-research/phd-opportunities/secure-multitenant-and-federated-satellite-system.html

Queen's University Belfast, Electrical and Electronic engineering
Job Posting
Applications are invited for a PhD project "A Trusted Execution Environment based framework for securing legacy embedded systems". The full-time doctoral candidate will investigate existing Trusted Execution Environments (TEEs) on COTS devices in Industrial Control Systems (ICS) and implement a framework which will allow the use of the COTS devices without any compromise on trust. In this case, the ICS operator will issue the applications for the COTS operator, which will be able to communicate with the ICS devices using the required protocol and perform the necessary maintenance tasks. The project work will involve proposing a novel architectural solution and/or a novel operating-system-based solution.

Closing date for applications:

Contact: Dr Arnab Kumar Biswas

More information: https://www.qub.ac.uk/courses/postgraduate-research/phd-opportunities/a-trusted-execution-environment-based-framework-for-securing-legacy-embedded-systems.html


11 January 2023

Jeffrey Burdges, Handan Kılınç Alper, Alistair Stewart, Sergey Vasilyev
ePrint Report
A single-leader election (SLE) is a way to elect one leader randomly among the parties in a distributed system. If the leader is secret (i.e., unpredictable) then it is called a secret single leader election (SSLE). In this paper, we model the security of SLE in the universally composable (UC) model. Our model is adaptable to the various unpredictability levels for leaders that an SLE aims to provide. We construct an SLE protocol that we call semi-anonymous single leader election (SASLE). We show that SASLE is secure against adaptive adversaries in the UC model. SASLE provides a good level of unpredictability to most of the honest leaders while it does not provide unpredictability to the rest of them. In this way, we obtain lower communication overhead compared with the existing SSLE protocols. In the end, we construct a PoS protocol (Sassafras) which deploys SASLE to elect the block producers. Sassafras benefits from the efficiency of SASLE and gains significant security against both grinding attacks and the private attack, as shown by Azouvi and Cappelletti (ACM AFT 2021), because it elects a single block producer.
Aydin Abadi, Steven Murdoch
ePrint Report
In Private Set Intersection protocols (PSIs), a non-empty result always reveals something about the private input sets of the parties. Moreover, in various variants of PSI, not all parties necessarily receive or are interested in the result. Nevertheless, to date, the literature has assumed that those parties who do not receive or are not interested in the result still contribute their private input sets to the PSI for free, although doing so costs them their privacy. In this work, for the first time, we propose a multi-party PSI, called “Anesidora”, that rewards parties who contribute their private input sets to the protocol. Anesidora is efficient; it mainly relies on symmetric-key primitives and its computation and communication complexities are linear in the number of parties and the set cardinality. It remains secure even if the majority of parties are corrupted by active colluding adversaries.
Sarah Scheffler, Anunay Kulshrestha, Jonathan Mayer
ePrint Report
End-to-end encryption (E2EE) prevents online services from accessing user content. This important security property is also an obstacle for content moderation methods that involve content analysis. The tension between E2EE and efforts to combat child sexual abuse material (CSAM) has become a global flashpoint in encryption policy, because the predominant method of detecting harmful content---server-side perceptual hash matching on plaintext images---is unavailable.

Recent applied cryptography advances enable private hash matching (PHM), where a service can match user content against a set of known CSAM images without revealing the hash set to users or nonmatching content to the service. These designs, especially a 2021 proposal for identifying CSAM in Apple's iCloud Photos service, have attracted widespread criticism for creating risks to security, privacy, and free expression.

In this work, we aim to advance scholarship and dialogue about PHM by contributing new cryptographic methods for system verification by the general public. We begin with motivation, describing the rationale for PHM to detect CSAM and the serious societal and technical issues with its deployment. Verification could partially address shortcomings of PHM, and we systematize critiques into two areas for auditing: trust in the hash set and trust in the implementation. We explain how, while these two issues cannot be fully resolved by technology alone, there are possible cryptographic trust improvements.

The central contributions of this paper are novel cryptographic protocols that enable three types of public verification for PHM systems: (1) certification that external groups approve the hash set, (2) proof that particular lawful content is not in the hash set, and (3) eventual notification to users of false positive matches. The protocols that we describe are practical, efficient, and compatible with existing PHM constructions.

10 January 2023

Virtual event, Anywhere on Earth, 29 June - 30 June 2023
Event Calendar
Event date: 29 June to 30 June 2023
Submission deadline: 7 February 2023
Notification: 14 March 2023
Benevento, Italy, 29 August - 1 September 2023
Event Calendar
Event date: 29 August to 1 September 2023
Submission deadline: 9 March 2022
Notification: 23 May 2022

09 January 2023

Elette Boyle, Niv Gilboa, Yuval Ishai, Victor I. Kolobov
ePrint Report
A distributed point function (DPF) (Gilboa-Ishai, Eurocrypt 2014) is a cryptographic primitive that enables compressed additive secret-sharing of a secret weight-1 vector across two or more servers. DPFs support a wide range of cryptographic applications, including efficient private information retrieval, secure aggregation, and more. Up to now, the study of DPFs was restricted to the computational security setting, relying on one-way functions. This assumption is necessary in the case of a dishonest majority.

We present the first statistically private 3-server DPF for domain size $N$ with subpolynomial key size $N^{o(1)}$. We also present a similar perfectly private 4-server DPF. Our constructions offer benefits over their computationally secure counterparts, beyond the superior security guarantee, including better computational complexity and better protocols for distributed key generation, all while having comparable communication complexity for moderate-sized parameters.
Katharina Kreuzer
ePrint Report
This paper describes a formalization of the specification and the algorithm of the cryptographic scheme CRYSTALS-KYBER as well as the verification of its (1 − δ)-correctness proof. During the formalization, a problem in the correctness proof was uncovered. In order to amend this issue, a necessary property on the modulus parameter of the CRYSTALS-KYBER algorithm was introduced. This property is already implicitly fulfilled by the structure of the modulus prime used in the number theoretic transform (NTT). The NTT and its convolution theorem in the case of CRYSTALS-KYBER were formalized as well. The formalization was realized in the theorem prover Isabelle.
Hanno Böck
ePrint Report
We apply Fermat’s factorization algorithm to sets of public RSA keys. Fermat’s factorization efficiently recovers the prime factors of a composite number if the difference between the two primes is small. Knowledge of the prime factors of an RSA public key allows efficiently calculating the private key. A flawed RSA key generation function that produces close primes can therefore be attacked with Fermat’s factorization. We discovered a small number of vulnerable devices that generate such flawed RSA keys in the wild. These affect devices from two printer vendors, Canon and Fuji Xerox. Both use an underlying cryptographic module by Rambus.
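The attack the abstract describes, written out as an added example (this is not the paper's code): Fermat's method applied to an RSA modulus, followed by recovery of the private exponent from the factors, and a batch check of the kind one would run over a harvested set of public keys. The two sample moduli are constructed here from small primes purely for illustration and do not come from any real device; one has primes two apart (the pathological case), the other has primes far apart (a sane key), so the second shows how the iteration budget `max_iter` bounds the work spent per key before giving up.

```python
"""Fermat's factorization against RSA moduli whose primes lie close together.

Added example, not code from the paper above. The toy keys are constructed
here for illustration (small primes, so the run is instant); the procedure
is identical for a real 2048-bit modulus.
"""
from math import isqrt


def fermat_factor(n, max_iter=100_000):
    """Try to write n = a^2 - b^2 = (a - b)(a + b) with a, b integers.

    Starting from a = ceil(sqrt(n)), each step checks whether a^2 - n is a
    perfect square. The number of steps needed is roughly
    (p - q)^2 / (8 * sqrt(n)), so primes sharing their top bits fall out in
    a few iterations, while the primes of a properly generated key (difference
    on the order of sqrt(n)) would need about 2^(k/2) steps for a k-bit
    modulus, and the loop gives up after max_iter. Returns (p, q) with
    p >= q, or None if no factorization was found within the budget.
    """
    if n % 2 == 0:
        return (n // 2, 2)
    a = isqrt(n)
    if a * a < n:          # isqrt rounds down; we need ceil(sqrt(n))
        a += 1
    for _ in range(max_iter):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:
            return (a + b, a - b)
        a += 1
    return None


def private_exponent(p, q, e):
    """Recover the RSA private exponent d = e^-1 mod (p-1)(q-1)."""
    return pow(e, -1, (p - 1) * (q - 1))


def recover_private_key(n, e, max_iter=100_000):
    """Return (p, q, d) for a vulnerable modulus, or None if Fermat fails."""
    factors = fermat_factor(n, max_iter)
    if factors is None:
        return None
    p, q = factors
    return p, q, private_exponent(p, q, e)


def scan_keys(keys, max_iter=100_000):
    """Run the check over a batch of (label, n, e) public keys.

    Returns {label: (p, q, d)} for the keys that factor; keys that survive
    max_iter steps are simply not reported.
    """
    found = {}
    for label, n, e in keys:
        result = recover_private_key(n, e, max_iter)
        if result is not None:
            found[label] = result
    return found


# Constructed sample keys (not from any real device):
#  - "close": p and q differ by 2, the case the attack targets.
#  - "far":   p and q are far apart, as from a sane generator; Fermat will
#             not finish within the iteration budget and the key is skipped.
E = 65537
CLOSE_P, CLOSE_Q = 1000000009, 1000000007
FAR_P, FAR_Q = 1000000007, 1000003
SAMPLE_KEYS = [
    ("close", CLOSE_P * CLOSE_Q, E),
    ("far", FAR_P * FAR_Q, E),
]


def demo():
    """Factor the sample keys and prove the recovered d really decrypts."""
    hits = scan_keys(SAMPLE_KEYS, max_iter=10_000)
    p, q, d = hits["close"]
    n = p * q
    m = 123456789
    assert pow(pow(m, E, n), d, n) == m   # round-trip with the recovered key
    return hits


if __name__ == "__main__":
    for label, (p, q, d) in demo().items():
        print(f"{label}: p={p} q={q} d={d}")
```

The budget is the practical knob: a scanner over thousands of certificates spends a fixed, small number of iterations per key, which is enough to catch generators whose primes share their upper bits while costing next to nothing on healthy keys.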
Hong-Wei Sun, Bin-Bin Cai, Su-Juan Qin, Qiao-Yan Wen, Fei Gao
ePrint Report
In this paper, we investigate the security of several recent MAC constructions with provable security beyond the birthday bound (called BBB MACs) in the quantum setting. On the one hand, we give periodic functions corresponding to the targeted MACs (including PMACX, PMAC with parity, HPxHP, and HPxNP), and we can recover secret states using Simon's algorithm, leading to forgery attacks with complexity O(n). This means our results realize an exponential speedup compared with the classical algorithm. Note that our attacks can even break some optimally secure MACs, such as mPMAC+-f, mPMAC+-p1, mPMAC+-p2, mLightMAC+-f, etc. On the other hand, we construct new hidden periodic functions based on SUM-ECBC-like MACs: SUM-ECBC, PolyMAC, GCM-SIV2, and 2K-ECBC-Plus, where the periods reveal information about the secret key. Then, by applying the Grover-meets-Simon algorithm to specially constructed functions, we can recover full keys with O(2^(n/2)n) or O(2^(m/2)n) quantum queries, where n is the message block size and m is the length of the key. Compared with the previous best quantum attack, our key-recovery attacks achieve a quadratic speedup.
Alexandros Bakas, Antonis Michalas
ePrint Report
Functional Encryption (FE) is a modern cryptographic technique that allows users to learn only a specific function of the encrypted data and nothing else about its actual content. While the first notions of security in FE revolved around the privacy of the encrypted data, more recent approaches also consider the privacy of the computed function. While in the public-key setting only a limited level of function privacy can be achieved, in the private-key setting the privacy potential is significantly larger. However, this potential is still limited by the lack of rich function families. For this work, we started by identifying the limitations of the current state-of-the-art approaches, which in turn allowed us to consider a new threat model for FE schemes. To the best of our knowledge, we here present the first attempt to quantify the leakage during the execution of an FE scheme. By leveraging the functionality offered by Trusted Execution Environments, we propose a construction that, given any message-private functional encryption scheme, yields a function-private one. Finally, we argue in favour of our construction's applicability to constrained devices by showing that it has low storage and computation costs.