International Association
for Cryptologic Research

We are looking for bright and motivated PhD students to work in the topics of information security and cryptography.

The student is expected to work on topics that include security and privacy issues in authentication. More precisely, the students will be working on investigating efficient and privacy-preserving authentication that provides: i) provable security guarantees, and ii) rigorous privacy guarantees.

Key Responsibilities:

• Perform exciting and challenging research in the domain of information security and cryptography.
• Support and assist in teaching computer security and cryptography courses.

Profile:

• The PhD students are expected to have a MSc degree or equivalent, and strong background in cryptography, network security and mathematics.
• Experience in one or more domains such as cryptography, design of protocols, secure multi-party computation and differential privacy is beneficial.
• Excellent programming skills.
• Excellent written and verbal communication skills in English

The Chair of Cyber Security, https://cybersecurity.unisg.ch/, is a part of the Institute of Computer Science (ICS) at the University of St.Gallen. The chair was established in autumn semester 2020 and is led by Prof. Dr. Katerina Mitrokotsa. Our research interests are centered around information security and applied cryptography, with the larger goal of safeguarding communications and providing strong privacy guarantees. We are currently active in multiple areas including the design of provably secure cryptographic protocols and cryptographic primitives that can be employed for reliable authentication, outsourcing computations in cloud-assisted settings, network security problems as well as secure and privacy-preserving machine learning. As a doctoral student you will be a part of the Doctoral School of Computer Science (DCS), https://dcs.unisg.ch.

Please apply asap.

Closing date for applications:

Contact:
Eriane Breu, eriane.breu@unisg.ch (Administrative matters)
Prof. Katerina Mitrokotsa, katerina.mitrokotsa@unisg.ch (Research related questions)

More information: https://jobs.unisg.ch/offene-stellen/funded-phd-student-in-applied-cryptography-privacy-preserving-biometric-authentication-m-f-d/e7a9e90b-02cd-45d0-ad4f-fc02131eaf86

The Symmetric Key and Lightweight Cryptography Lab (SyLLab) at NTU Singapore is looking for candidates for Research Fellow/Post-Doc (from fresh Post-Docs to Senior Research Fellows, flexible contract duration) as well as PhD student positions on various topics:

• Symmetric-key cryptography (cryptanalysis, design),
• Machine learning,
• Side-channels attacks,
• Fully homomorphic encryption.

Candidates are expected to have a proven record of publications in top cryptography/security venues.

The positions will be funded by the 5-year National Research Foundation (NRF) Investigatorship grant from Singapore. Salaries are competitive and are determined according to the successful applicant's accomplishments, experience and qualifications. We offer an excellent research environment with a highly international team, with flexible working conditions, budget for conferences/equipment, etc.

Interested applicants should send their detailed CVs and references to Prof. Thomas Peyrin (thomas.peyrin@ntu.edu.sg). The review of applications starts immediately and will continue until positions are filled.

Closing date for applications:

Contact: Thomas Peyrin

More information: https://thomaspeyrin.github.io/web/

Event date: 5 July to 7 July 2023
Submission deadline: 13 February 2023
Notification: 15 April 2023

Applications are invited for 15 enhanced fully-funded PhD scholarships in the following areas: Network & Wireless Security, Trusted Hardware & Applied Cryptography, Autonomous Security & Security of AI, Industrial Control System and Safety-critical System security.

The DTP provides an opportunity to advance research in these exciting cyber security areas, focus on entreprise and leadership skills, have access to modules on our certified MSc in Advanced Cyber Security and MSc AI and a dedicated training programme, and interact with CSIT industry partners.

Applicants must have at least a 2:1 Honours Degree in Electrical and Electronics Engineering, Computer Science, Mathematics or closely related discipline.

International studentships are also available.

Closing date for applications:

Contact: Dr Jesus Martinez DelRincon

More information: https://www.qub.ac.uk/ecit/CSIT/Cyber-AIHub/CSIT-DTP/

This year, three FSE test-of-time awards will be given for papers published at FSE 2006, FSE 2007 and FSE 2008.

Nominations for these awards should be sent to the chair of the FSE steering committee by February 20 2023.

See: https://tosc.iacr.org/index.php/ToSC/ToT_Award

FSE 2023 (March 20-24, 2023): there will be a mirror event hosted in Kobe, Japan for attendees who are unable to travel to Beijing, China.

See https://fse.iacr.org/2023 for details.

NIST has published NISTIR 8214C ipd: NIST First Call for Multi-Party Threshold Schemes (Initial Public Draft). The call has two categories: cat1, for NIST-specified primitives; and cat2, for primitives not specified by NIST.

The period of public comments is open till April 10, 2023. The participation of the cryptology community is essential for the success of this initiative.

Details here: https://csrc.nist.gov/publications/detail/nistir/8214c/draft

Consider also joining the MPTC forum: https://csrc.nist.gov/projects/threshold-cryptography/email-list

Modern day smart phones are used for performing several sensitive operations, including online payments. Hence, the underlying cryptographic libraries are expected to adhere to proper security measures to ensure that there are no exploitable leakages. In particular, the implementations should be constant time to prevent subsequent timing based side channel analysis which can leak secret keys. Unfortunately, we unearth in this paper a glaring timing variation present in the Bouncy-Castle implementation of RSA like ciphers which is based on the BigInteger Java library to support large number theoretic computations. We follow up the investigation with a step-by-step procedure to exploit the timing variations to retrieve the complete secret of windowed RSA-2048 implementation. The entire analysis is possible with a single set of timing observation, implying that the timing observation can be done at the onset, followed by some post processing which does not need access to the phone. We have validated our analysis on Android Marshmallow 6.0, Nougat 7.0 and Oreo 8.0 versions. Interestingly, we note that for newer phones the timing measurement is more accurate leading to faster key retrievals.

In this paper we present several analyses on ChaCha, a software stream cipher. First, we consider a divide-and-conquer approach on the secret key bits by partitioning them. The partitions are based on multiple input-output differentials to obtain a significantly improved attack on 6-round ChaCha256 with a complexity of 2^{99.48}. It is 2^{40} times faster than the currently best known attack. Note that, this is the first time an attack could be mounted on reduced round ChaCha with a complexity significantly less than 2^{k}{2}, where the secret key is of $k$ bits. Further, we note that all the attack complexities related to ChaCha are theoretically estimated in general and there are several questions in this regard as pointed out by Dey et al. in Eurocrypt 2022. In this regard, we propose a toy version of ChaCha, with a 32-bit secret key, on which the attacks can be implemented completely to verify whether the theoretical estimates are justified. This idea is implemented for our proposed attack on 6 rounds. Finally, we show that it is possible to estimate the success probabilities of these kinds of PNB-based differential attacks more accurately. Our methodology explains how different cryptanalytic results can be evaluated with better accuracy rather than claiming (Aumasson et al., 2008) that the success probability is significantly better than 50%.

This paper proposes Prism, Private Verifiable Set Computation over Multi-Owner Outsourced Databases, a secret sharing based approach to compute private set operations (i.e., intersection and union), as well as aggregates over outsourced databases belonging to multiple owners. Prism enables data owners to pre-load the data onto non-colluding servers and exploits the additive and multiplicative properties of secret-shares to compute the above-listed operations in (at most) two rounds of communication between the servers (storing the secret-shares) and the querier, resulting in a very efficient implementation. Also, Prism does not require communication among the servers and supports result verification techniques for each operation to detect malicious adversaries. Experimental results show that Prism scales both in terms of the number of data owners and database sizes, to which prior approaches do not scale.

Proposed by Thang and Binh (NICS, 2015 ), DBTRU is a variant of NTRU, where the integer polynomial ring is replaced by two binary truncated polynomial rings GF(2)[x]/(x^n + 1). DBTRU has significant advantages over NTRU in terms of security and performance. NTRU is a probabilistic public key cryptosystem having security related to some hard problems in lattices. In this paper we will present a polynomial-time linear algebra attack on the DBTRU cryptosystem which can break DBTRU for all recommended parameter choices and the plaintext can be obtained in less than one second using a single PC and this specific attack.

In the current context of the increasing need for data privacy and quantum computing no longer being just a novel concept, Fully Homomorphic Encryption presents us with numerous quantum-secure schemes which have the concept of enabling data processing over encrypted data while not decrypting it behind. While not entirely usable at the present time, recent research has underlined its practical uses applied to databases, cloud computing, machine learning, e-voting, and IoT computing. In this paper, we are covering the current status of research and presenting the leading implemented solutions for subjects related to data privacy in the before-mentioned areas while emphasizing their positive results and possible drawbacks subsequently discovered by the research community.

The modern Internet is built on systems that incentivize collection of information about users. In order to minimize privacy loss, it is desirable to prevent these systems from collecting more information than is required for the application. The promise of multi-party computation is that data can be aggregated without revealing individual measurements to the data collector. This work offers a provable security treatment for "Verifiable Distributed Aggregation Functions (VDAFs)", a class of multi-party computation protocols being considered for standardization by the IETF.

We propose a formal framework for the analysis of VDAFs and apply it to two candidate protocols. The first is based on the Prio system of Corrigan-Gibbs and Boneh (NSDI 2017). Prio is fairly mature and has been deployed in real-world applications. We prove that, with only minor changes, the current draft of the standardized version achieves our security goals. The second candidate is the recently proposed Poplar system from Boneh et al. (IEEE S\&P 2021). The deployability of Poplar is less certain. One difficulty is that the interactive step requires two rounds of broadcast messages, whereas Prio requires just one. This makes Poplar less suitable for many deployment scenarios. We show the round complexity can be improved, at the cost of higher bandwidth.

Secret sharing schemes allow sharing a secret between a set of parties in a way that ensures that only authorized subsets of the parties learn the secret. Evolving secret sharing schemes (Komargodski, Naor, and Yogev [TCC ’16]) allow achieving this end in a scenario where the parties arrive in an online fashion, and there is no a-priory bound on the number of parties. An important complexity measure of a secret sharing scheme is the share size, which is the maximum number of bits that a party may receive as a share. While there has been a significant progress in recent years, the best constructions for both secret sharing and evolving secret sharing schemes have a share size that is exponential in the number of parties. On the other hand, the best lower bound, by Csirmaz [Eurocrypt ’95], is sub-linear. In this work, we give a tight lower bound on the share size of evolving secret sharing schemes. Specifically, we show that the sub-linear lower bound of Csirmaz implies an exponential lower bound on evolving secret sharing.

The powerful no-cloning principle of quantum mechanics can be leveraged to achieve interesting primitives, referred to as unclonable primitives, that are impossible to achieve classically. In the past few years, we have witnessed a surge of new unclonable primitives. While prior works have mainly focused on establishing feasibility results, another equally important direction, that of understanding the relationship between different unclonable primitives is still in its nascent stages. Moving forward, we need a more systematic study of unclonable primitives. To this end, we introduce a new framework called cloning games. This framework captures many fundamental unclonable primitives such as quantum money, copy-protection, unclonable encryption, single-decryptor encryption, and many more. By reasoning about different types of cloning games, we obtain many interesting implications to unclonable cryptography, including the following: 1. We obtain the first construction of information-theoretically secure single-decryptor encryption in the one-time setting. 2. We construct unclonable encryption in the quantum random oracle model based on BB84 states, improving upon the previous work, which used coset states. Our work also provides a simpler security proof for the previous work. 3. We construct copy-protection for single-bit point functions in the quantum random oracle model based on BB84 states, improving upon the previous work, which used coset states, and additionally, providing a simpler proof. 4. We establish a relationship between different challenge distributions of copy-protection schemes and single-decryptor encryption schemes. 5. Finally, we present a new construction of one-time encryption with certified deletion.

Secure communication is gained by combining encryption with authentication. In real-world applications encryption commonly takes the form of KEM-DEM hybrid encryption, which is combined with ideal authentication. The pivotal question is how weak the employed key encapsulation mechanism (KEM) is allowed to be to still yield universally composable (UC) secure communication when paired with symmetric encryption and ideal authentication. This question has so far been addressed for public-key encryption (PKE) only, showing that encryption does not need to be stronger than sender-binding CPA, which binds the CPA secure ciphertext non-malleably to the sender ID. For hybrid encryption, prior research unanimously reaches for CCA2 secure encryption which is unnecessarily strong. Answering this research question is vital to develop more efficient and feasible protocols for real-world secure communication and thus enable more communication to be conducted securely. In this paper we use ideas from the PKE setting to develop new answers for hybrid encryption. We develop a new and significantly weaker security notion—sender-binding CPA for KEMs—which is still strong enough for secure communication. By using game-based notions as building blocks, we attain secure communication in the form of ideal functionalities with proofs in the UC-framework. Secure communication is reached in both the classic as well as session context by adding authentication and one-time/replayable CCA secure symmetric encryption respectively. We furthermore provide an efficient post-quantum secure LWE-based construction in the standard model giving an indication of the real-world benefit resulting from our new security notion. Overall we manage to make significant progress on discovering the minimal security requirements for hybrid encryption components to facilitate secure communication.

In permissioned digital currencies such as Central Bank Digital Currencies (CBDCs), data disclosure is essential for gathering aggregated statistics about the transactions and activities of the users. These statistics are later used to set regulations. Differential privacy techniques have been proposed to preserve individuals’ privacy while still making aggregative statistical analysis possible. Recently, privacy-preserving payment systems fit for CBDCs have been proposed. While preserving the privacy of the sender and recipient, they also prevent any insightful learning from their data. Thus, they are ill-qualified to be incorporated with a system that mandates publishing statistical data. We show that differential privacy and privacy-preserving payments can coexist even if one of the participating parties (i.e., the user or the data analyst) is malicious. We propose a modular scheme that incorporates verifiable local differential privacy techniques into a privacy-preserving payment system. Thus, although the noise is added directly by the user (i.e., the data subject), we prevent her from manipulating her response and enforce the integrity of the noise generation via a novel protocol.

This article presents and explains methodologies that can be employed to recover information from encrypted files generated by ransomware based on cryptanalytic techniques. By using cryptanalysis and related knowledge as much as possible, the methodology's goal is to use static and dynamic analysis as little as possible. We present three case studies that illustrate different approaches that can be used to recover the encrypted data.

Since the proposal of Bitcoin in 2008, the world has seen accelerated growth in the field of blockchain and discovered its potential to immensely transform most industries, one of the first and most important being finance. The blockchain trilemma states that blockchains can have security, scalability, and decentralization, but never all three at the same time, in the same amount. At the moment, the most successful blockchains have a lack of scalability that researchers and developers try to alleviate by solutions like layer 2s. Most of these solutions rely on cryptographic primitives and technologies, like collision-free hash function or zero-knowledge proofs. In this paper we explore a few of the most popular solutions available now, their improvements to scalability, their drawbacks and security risks.

Back in the 90s when the notion of malware first appeared, it was clear that the behaviour and purpose of such software should be closely analysed, such that systems all over the world should be patched, secured and ready to prevent other malicious activities to be happening in the future. Thus, malware analysis was born. In recent years, the rise of malware of all types, for example trojan, ransowmare, adware, spyware and so on, implies that deeper understanding of operating systems, attention to the details and perseverance are just some of the traits any malware analyst should have in their bag. With Windows being the worldwide go-to operating system, Windows' executable files represent the perfect way in which malware can be disguised to later be loaded and produce damage. In this paper we highlight how ciphers like Vigen\`ere cipher or Caesar cipher can be extended to more complex classes, such that, when later broken, ways of decrypting malware payloads, that are disguised in Windows executable files, are found. Alongside the theoretical information present in this paper, based on a dataset provided by our team at Bitdefender, we describe our implementation on how the key to decryption of such payloads can be found, what techniques are present in our approach, how optimization can be done, what are the pitfalls of this implementation and, lastly, open a discussion on how to tackle these pitfalls.