International Association for Cryptologic Research


IACR News


13 February 2023

Centre for Secure Information Technologies (CSIT), Queen’s University Belfast, UK
Job Posting
The number of space-based entities and missions is showing an exceptional increase. The longevity of satellites and their associated infrastructure, along with the difficulty of changing anything after launch, requires long-term public key cryptography security solutions. Since the foreseeable breakthrough of quantum computers represents a risk for the traditional secure communication paradigm used today, novel quantum-resistant cryptographic schemes need the immediate attention of the cryptographic community, especially for long-term use cases like satellite communications. This project will take up these new PQC algorithms (from the NIST PQC process) and their implementations and test, evaluate, and scrutinize them given a wide range of fundamental design constraints and implementation requirements for space communication. Lattice-based cryptography has emerged as one of the most viable classes of PQC algorithms in the NIST PQC competition; however, several aspects relating to the practicality of these schemes for space communication protocols and their fault tolerance have not been thoroughly evaluated.

Applicants must have at least a 2:1 Honours Degree in Electrical and Electronics Engineering, Computer Science, Mathematics or closely related discipline.

International studentships are also available.

Closing date for applications:

Contact: Dr. Ayesha Khalid

More information: https://www.qub.ac.uk/courses/postgraduate-research/phd-opportunities/fault-tolerant-post-quantum-cryptography-systems-for-satellite-communications.html

University of Waterloo, Waterloo, Ontario, Canada
Job Posting

The Department of Combinatorics and Optimization at the University of Waterloo invites applications from qualified candidates for a 1.5-year position as a Cryptographic Research Architect on the Open Quantum Safe project (https://openquantumsafe.org/).

This position is available immediately in Professor Stebila’s research group. You will be working with a world-wide team of researchers and developers from academia and industry on the Open Quantum Safe project. You will have the opportunity to push the boundaries of applied post-quantum cryptography and contribute to various open-source projects. You will help integrate new post-quantum cryptographic algorithms into the liboqs open-source library, and design and implement techniques for evaluating and benchmarking these cryptographic algorithms in a variety of contexts.

The field of post-quantum cryptography is rapidly evolving, and you will need to track ongoing changes to algorithms due to peer review and advances by researchers via the NIST Post-Quantum Cryptography project forum. In addition to algorithm research, tasks cover all aspects of the software development lifecycle and include design, programming cryptographic algorithms, integrating other cryptographic implementations into the liboqs framework, integrating liboqs into 3rd-party open-source projects, testing, benchmarking and documentation. You may be asked to take an ownership role in coordinating the development of various sub-components of the Open Quantum Safe project.

The appointment will be a full-time position for 18 months with the possibility of extension, depending on research funding. The salary range is $80,000–$115,000/year and commensurate with experience.

All qualified candidates are encouraged to apply; however, Canadian citizens and permanent residents will be given priority.

For more information on the position and how to apply, please see https://openquantumsafe.org/team/open-positions

Closing date for applications:

Contact: Douglas Stebila (dstebila@uwaterloo.ca)

More information: https://openquantumsafe.org/team/open-positions

Chalmers University of Technology
Job Posting
The CryptoTeam at the Department of Computer Science and Engineering at Chalmers University of Technology (in Gothenburg, Sweden) is looking for an excellent, motivated, and self-driven person who wishes to join the team and do research in cryptography. The successful candidate will work with Asst. Prof. Elena Pagnin.
The position is fully funded for five years with possible extensions for parental or sick leave, and an attractive salary. The position is linked to a project funded by the Swedish research council focusing on the security and efficiency of progressive verification for cryptographic schemes. If you think this sounds cool, follow the link below and apply!
Applicants are expected to hold an MSc degree in Mathematics and/or Computer Science. Knowledge of cryptographic primitives and information security is preferable, but not mandatory. Only applications via the official portal will be considered.

Closing date for applications:

Contact: For more information check out:

  • The official ad: https://www.chalmers.se/en/about-chalmers/work-with-us/vacancies/?rmpage=job&rmjob=11434&rmlang=UK
  • Elena's webpage: https://epagnin.github.io

More information: https://www.chalmers.se/en/about-chalmers/work-with-us/vacancies/?rmpage=job&rmjob=11434&rmlang=UK

Leuphana University Lüneburg, Institute of Information Systems
Job Posting
For the Faculty of Management and Technology at the Institute of Information Systems, the University is looking for a responsible, motivated and committed personality as a Research Assistant (EG 13 TV-L) with 50% of the regular weekly working hours of a full-time employee, limited to a period of 3 years.

Your tasks:
  • Coordination and implementation of courses in the field of business informatics in the amount of 2 SWS
  • Support for research projects in the area of Network Science
  • Administrative support
  • Own scientific further qualification

Your profile:
  • Completed scientific university studies (Master or equivalent) in the field of Mathematics, Business Informatics, Computer Science or Natural Sciences
  • Strong methodological skills in graph theory, network science or complex systems
  • Experience in quantitative analysis of networks
  • Very good communication skills and organizational skills

Closing date for applications:

Contact: Leuphana Universität Lüneburg, Personal und Recht / Bewerbungsmanagement, Code: WiMi Network Science, Universitätsallee 1, 21335 Lüneburg, bewerbung@leuphana.de

University of St.Gallen, Switzerland
Job Posting
We are looking for an excellent, motivated, post-doctoral researcher to work in the area of information security and cryptography. The post-doctoral researcher will join Katerina Mitrokotsa's research group (Chair of Cyber Security), working in the area of information and communication security with a focus on authentication protocols, verifiable delegation of computation, and secure multi-party computation. The position is available for one plus one year after a successful review evaluation.

Key Responsibilities:
  • The post-doctoral fellow is expected to perform exciting and challenging research in the area of information security and cryptography including the design of provably secure cryptographic protocols.
  • The post-doctoral fellow shall be involved in the supervision of PhD and master students
Your profile:
  • The post-doctoral researcher is expected to have a PhD degree in Computer Science, Engineering or Mathematics and a strong background in theoretical computer science and cryptography
  • Have an excellent publication record in top venues
  • Competitive research record in cryptography or information security
  • Strong mathematical and algorithmic CS background
  • Good skills in programming are beneficial
  • Excellent written and verbal communication skills in English
The Chair of Cyber Security is a part of the Institute of Computer Science (ICS) at the University of St. Gallen. The chair was established in autumn semester 2020 and is led by Prof. Dr. Katerina Mitrokotsa. Our research interests are centered around information security and applied cryptography, with the larger goal of safeguarding communications and providing strong privacy guarantees. We are currently active in multiple areas including the design of provably secure cryptographic protocols and cryptographic primitives that can be employed for reliable authentication, outsourcing computations in cloud-assisted settings, network security problems as well as secure and privacy-preserving machine learning.

Please apply asap.

Closing date for applications:

Contact:
Eriane Breu, eriane.breu@unisg.ch (Administrative matters)
Prof. Katerina Mitrokotsa, katerina.mitrokotsa@unisg.ch (Research related questions)

More information: https://jobs.unisg.ch/offene-stellen/postdoc-fellow-in-cryptography-information-security-m-w-d/c35410fb-40bb-41f2-b298-8be150d8f9b6

University of St.Gallen, Switzerland
Job Posting
We are looking for bright and motivated PhD students to work in the topics of information security and cryptography.

The student is expected to work on topics that include security and privacy issues in authentication. More precisely, the students will be working on investigating efficient and privacy-preserving authentication that provides: i) provable security guarantees, and ii) rigorous privacy guarantees.

Key Responsibilities:
  • Perform exciting and challenging research in the domain of information security and cryptography.
  • Support and assist in teaching computer security and cryptography courses.
Profile:
  • The PhD students are expected to have an MSc degree or equivalent, and a strong background in cryptography, network security and mathematics.
  • Experience in one or more domains such as cryptography, design of protocols, secure multi-party computation and differential privacy is beneficial.
  • Excellent programming skills.
  • Excellent written and verbal communication skills in English
The Chair of Cyber Security, https://cybersecurity.unisg.ch/, is a part of the Institute of Computer Science (ICS) at the University of St.Gallen. The chair was established in autumn semester 2020 and is led by Prof. Dr. Katerina Mitrokotsa. Our research interests are centered around information security and applied cryptography, with the larger goal of safeguarding communications and providing strong privacy guarantees. We are currently active in multiple areas including the design of provably secure cryptographic protocols and cryptographic primitives that can be employed for reliable authentication, outsourcing computations in cloud-assisted settings, network security problems as well as secure and privacy-preserving machine learning. As a doctoral student you will be a part of the Doctoral School of Computer Science (DCS), https://dcs.unisg.ch.

Please apply asap.

Closing date for applications:

Contact:
Eriane Breu, eriane.breu@unisg.ch (Administrative matters)
Prof. Katerina Mitrokotsa, katerina.mitrokotsa@unisg.ch (Research related questions)

More information: https://jobs.unisg.ch/offene-stellen/funded-phd-student-in-applied-cryptography-privacy-preserving-biometric-authentication-m-f-d/e7a9e90b-02cd-45d0-ad4f-fc02131eaf86

Nanyang Technological University, Singapore
Job Posting

The Symmetric Key and Lightweight Cryptography Lab (SyLLab) at NTU Singapore is looking for candidates for Research Fellow/Post-Doc (from fresh Post-Docs to Senior Research Fellows, flexible contract duration) as well as PhD student positions on various topics:
  • Symmetric-key cryptography (cryptanalysis, design),
  • Machine learning,
  • Side-channel attacks,
  • Fully homomorphic encryption.

Candidates are expected to have a proven record of publications in top cryptography/security venues.

The positions will be funded by the 5-year National Research Foundation (NRF) Investigatorship grant from Singapore. Salaries are competitive and are determined according to the successful applicant's accomplishments, experience and qualifications. We offer an excellent research environment with a highly international team, with flexible working conditions, budget for conferences/equipment, etc.

Interested applicants should send their detailed CVs and references to Prof. Thomas Peyrin (thomas.peyrin@ntu.edu.sg). The review of applications starts immediately and will continue until positions are filled.

Closing date for applications:

Contact: Thomas Peyrin

More information: https://thomaspeyrin.github.io/web/


09 February 2023

Brisbane, Australia, 5 July - 7 July 2023
Event Calendar
Event date: 5 July to 7 July 2023
Submission deadline: 13 February 2023
Notification: 15 April 2023
Centre for Secure Information Technologies (CSIT), Queen’s University Belfast, UK
Job Posting
Applications are invited for 15 enhanced fully-funded PhD scholarships in the following areas: Network & Wireless Security, Trusted Hardware & Applied Cryptography, Autonomous Security & Security of AI, Industrial Control System and Safety-critical System security.

The DTP provides an opportunity to advance research in these exciting cyber security areas, focus on enterprise and leadership skills, have access to modules on our certified MSc in Advanced Cyber Security and MSc AI and a dedicated training programme, and interact with CSIT industry partners.

Applicants must have at least a 2:1 Honours Degree in Electrical and Electronics Engineering, Computer Science, Mathematics or closely related discipline.

International studentships are also available.

Closing date for applications:

Contact: Dr Jesus Martinez DelRincon

More information: https://www.qub.ac.uk/ecit/CSIT/Cyber-AIHub/CSIT-DTP/


08 February 2023

FSE
This year, three FSE test-of-time awards will be given for papers published at FSE 2006, FSE 2007 and FSE 2008.

Nominations for these awards should be sent to the chair of the FSE steering committee by February 20 2023.

See: https://tosc.iacr.org/index.php/ToSC/ToT_Award
FSE
FSE 2023 (March 20-24, 2023): there will be a mirror event hosted in Kobe, Japan for attendees who are unable to travel to Beijing, China.

See https://fse.iacr.org/2023 for details.
Announcement
NIST has published NISTIR 8214C ipd: NIST First Call for Multi-Party Threshold Schemes (Initial Public Draft). The call has two categories: cat1, for NIST-specified primitives; and cat2, for primitives not specified by NIST.

The period of public comments is open till April 10, 2023. The participation of the cryptology community is essential for the success of this initiative.

Details here: https://csrc.nist.gov/publications/detail/nistir/8214c/draft

Consider also joining the MPTC forum: https://csrc.nist.gov/projects/threshold-cryptography/email-list

07 February 2023

Sarani Bhattacharya, Dilip Kumar Shanmugasundaram Veeraraghavan, Shivam Bhasin, Debdeep Mukhopadhyay
ePrint Report
Modern-day smartphones are used for performing several sensitive operations, including online payments. Hence, the underlying cryptographic libraries are expected to adhere to proper security measures to ensure that there are no exploitable leakages. In particular, the implementations should be constant time to prevent subsequent timing-based side channel analysis which can leak secret keys. Unfortunately, we unearth in this paper a glaring timing variation present in the Bouncy-Castle implementation of RSA-like ciphers which is based on the BigInteger Java library to support large number theoretic computations. We follow up the investigation with a step-by-step procedure to exploit the timing variations to retrieve the complete secret of a windowed RSA-2048 implementation. The entire analysis is possible with a single set of timing observations, implying that the timing observation can be done at the onset, followed by some post processing which does not need access to the phone. We have validated our analysis on Android Marshmallow 6.0, Nougat 7.0 and Oreo 8.0 versions. Interestingly, we note that for newer phones the timing measurement is more accurate, leading to faster key retrievals.
Sabyasachi Dey, Hirenra Kumar Garai, Subhamoy Maitra
ePrint Report
In this paper we present several analyses on ChaCha, a software stream cipher. First, we consider a divide-and-conquer approach on the secret key bits by partitioning them. The partitions are based on multiple input-output differentials to obtain a significantly improved attack on 6-round ChaCha256 with a complexity of 2^{99.48}. It is 2^{40} times faster than the currently best known attack. Note that this is the first time an attack could be mounted on reduced round ChaCha with a complexity significantly less than 2^{k/2}, where the secret key is of k bits. Further, we note that all the attack complexities related to ChaCha are theoretically estimated in general and there are several questions in this regard as pointed out by Dey et al. in Eurocrypt 2022. In this regard, we propose a toy version of ChaCha, with a 32-bit secret key, on which the attacks can be implemented completely to verify whether the theoretical estimates are justified. This idea is implemented for our proposed attack on 6 rounds. Finally, we show that it is possible to estimate the success probabilities of these kinds of PNB-based differential attacks more accurately. Our methodology explains how different cryptanalytic results can be evaluated with better accuracy rather than claiming (Aumasson et al., 2008) that the success probability is significantly better than 50%.
Shantanu Sharma, Yin Li, Sharad Mehrotra, Nisha Panwar, Dhrubajyoti Ghosh, Peeyush Gupta
ePrint Report
This paper proposes Prism, Private Verifiable Set Computation over Multi-Owner Outsourced Databases, a secret sharing based approach to compute private set operations (i.e., intersection and union), as well as aggregates over outsourced databases belonging to multiple owners. Prism enables data owners to pre-load the data onto non-colluding servers and exploits the additive and multiplicative properties of secret-shares to compute the above-listed operations in (at most) two rounds of communication between the servers (storing the secret-shares) and the querier, resulting in a very efficient implementation. Also, Prism does not require communication among the servers and supports result verification techniques for each operation to detect malicious adversaries. Experimental results show that Prism scales both in terms of the number of data owners and database sizes, to which prior approaches do not scale.
Alexandra Ciobanu, Marina Stefiuc
ePrint Report
Proposed by Thang and Binh (NICS, 2015), DBTRU is a variant of NTRU, where the integer polynomial ring is replaced by two binary truncated polynomial rings GF(2)[x]/(x^n + 1). DBTRU has significant advantages over NTRU in terms of security and performance. NTRU is a probabilistic public key cryptosystem having security related to some hard problems in lattices. In this paper we will present a polynomial-time linear algebra attack on the DBTRU cryptosystem which can break DBTRU for all recommended parameter choices, and the plaintext can be obtained in less than one second using a single PC and this specific attack.
Elisa Giurgea, Tudor Hutu, Emil Simion
ePrint Report
In the current context of the increasing need for data privacy and quantum computing no longer being just a novel concept, Fully Homomorphic Encryption presents us with numerous quantum-secure schemes which have the concept of enabling data processing over encrypted data while not decrypting it behind. While not entirely usable at the present time, recent research has underlined its practical uses applied to databases, cloud computing, machine learning, e-voting, and IoT computing. In this paper, we are covering the current status of research and presenting the leading implemented solutions for subjects related to data privacy in the before-mentioned areas while emphasizing their positive results and possible drawbacks subsequently discovered by the research community.
Hannah Davis, Christopher Patton, Mike Rosulek, Phillipp Schoppmann
ePrint Report
The modern Internet is built on systems that incentivize collection of information about users. In order to minimize privacy loss, it is desirable to prevent these systems from collecting more information than is required for the application. The promise of multi-party computation is that data can be aggregated without revealing individual measurements to the data collector. This work offers a provable security treatment for "Verifiable Distributed Aggregation Functions (VDAFs)", a class of multi-party computation protocols being considered for standardization by the IETF.

We propose a formal framework for the analysis of VDAFs and apply it to two candidate protocols. The first is based on the Prio system of Corrigan-Gibbs and Boneh (NSDI 2017). Prio is fairly mature and has been deployed in real-world applications. We prove that, with only minor changes, the current draft of the standardized version achieves our security goals. The second candidate is the recently proposed Poplar system from Boneh et al. (IEEE S&P 2021). The deployability of Poplar is less certain. One difficulty is that the interactive step requires two rounds of broadcast messages, whereas Prio requires just one. This makes Poplar less suitable for many deployment scenarios. We show the round complexity can be improved, at the cost of higher bandwidth.
Noam Mazor
ePrint Report
Secret sharing schemes allow sharing a secret between a set of parties in a way that ensures that only authorized subsets of the parties learn the secret. Evolving secret sharing schemes (Komargodski, Naor, and Yogev [TCC ’16]) allow achieving this end in a scenario where the parties arrive in an online fashion, and there is no a priori bound on the number of parties. An important complexity measure of a secret sharing scheme is the share size, which is the maximum number of bits that a party may receive as a share. While there has been significant progress in recent years, the best constructions for both secret sharing and evolving secret sharing schemes have a share size that is exponential in the number of parties. On the other hand, the best lower bound, by Csirmaz [Eurocrypt ’95], is sub-linear. In this work, we give a tight lower bound on the share size of evolving secret sharing schemes. Specifically, we show that the sub-linear lower bound of Csirmaz implies an exponential lower bound on evolving secret sharing.
Prabhanjan Ananth, Fatih Kaleoglu, Qipeng Liu
ePrint Report
The powerful no-cloning principle of quantum mechanics can be leveraged to achieve interesting primitives, referred to as unclonable primitives, that are impossible to achieve classically. In the past few years, we have witnessed a surge of new unclonable primitives. While prior works have mainly focused on establishing feasibility results, another equally important direction, that of understanding the relationship between different unclonable primitives, is still in its nascent stages. Moving forward, we need a more systematic study of unclonable primitives. To this end, we introduce a new framework called cloning games. This framework captures many fundamental unclonable primitives such as quantum money, copy-protection, unclonable encryption, single-decryptor encryption, and many more. By reasoning about different types of cloning games, we obtain many interesting implications to unclonable cryptography, including the following:

1. We obtain the first construction of information-theoretically secure single-decryptor encryption in the one-time setting.
2. We construct unclonable encryption in the quantum random oracle model based on BB84 states, improving upon the previous work, which used coset states. Our work also provides a simpler security proof for the previous work.
3. We construct copy-protection for single-bit point functions in the quantum random oracle model based on BB84 states, improving upon the previous work, which used coset states, and additionally, providing a simpler proof.
4. We establish a relationship between different challenge distributions of copy-protection schemes and single-decryptor encryption schemes.
5. Finally, we present a new construction of one-time encryption with certified deletion.