International Association for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage.

30 May 2023

Sivanarayana Gaddam, Ranjit Kumaresan, Srinivasan Raghuraman, Rohit Sinha
ePrint Report
Recently, there have been several proposals for secure computation with fair output delivery that require the use of a bulletin board abstraction (in addition to a trusted execution environment (TEE)). These proposals require all protocol participants to have read/write access to the bulletin board. These works envision the use of (public or permissioned) blockchains to implement the bulletin board abstractions. With the advent of consortium blockchains which place restrictions on who can read/write contents on the blockchain, it is not clear how to extend prior proposals to a setting where (1) not all parties have read/write access on a single consortium blockchain, and (2) not all parties prefer to post on a public blockchain.

In this paper, we address the above by showing the first protocols for fair secure computation in the multi-blockchain setting. More concretely, in an $n$-party setting where at most $t < n$ parties are corrupt, our protocol for fair secure computation works as long as (1) $t$ parties have access to a TEE (e.g., Intel SGX), and (2) each of the above $t$ parties is on some blockchain with each of the other parties. Furthermore, only these $t$ parties need write access on the blockchains.

In an optimistic setting where parties behave honestly, our protocol runs completely off-chain.

Sebastian Angel, Aditya Basu, Weidong Cui, Trent Jaeger, Stella Lau, Srinath Setty, Sudheesh Singanamalla
ePrint Report
This paper introduces Nimble, a cloud service that helps applications running in trusted execution environments (TEEs) to detect rollback attacks (i.e., detect whether a data item retrieved from persistent storage is the latest version). To achieve this, Nimble realizes an append-only ledger service by employing a simple state machine running in a TEE in conjunction with a crash fault-tolerant storage service. Nimble then replicates this trusted state machine to ensure the system is available even if a minority of state machines crash. A salient aspect of Nimble is a new reconfiguration protocol that allows a cloud provider to replace the set of nodes running the trusted state machine whenever it wishes—without affecting safety. We have formally verified Nimble’s core protocol in Dafny, and have implemented Nimble such that its trusted state machine runs in multiple TEE platforms (Intel SGX and AMD SNP-SEV). Our results show that a deployment of Nimble on machines running in different availability zones can achieve from tens of thousands of requests/sec with an end-to-end latency of under 3.2 ms (based on an in-memory key-value store) to several thousands of requests/sec with a latency of 30 ms (based on Azure Table).

Anton Wahrstätter, Liyi Zhou, Kaihua Qin, Davor Svetinovic, Arthur Gervais
ePrint Report
With the emergence of Miner Extractable Value (MEV), block construction markets on blockchains have evolved into a competitive arena. Following Ethereum's transition from Proof of Work (PoW) to Proof of Stake (PoS), the Proposer Builder Separation (PBS) mechanism has emerged as the dominant force in the Ethereum block construction market.

This paper presents an in-depth longitudinal study of the Ethereum block construction market, spanning from the introduction of PoS and PBS in September 2022 to May 2023. We analyze the market shares of builders and relays, their temporal changes, and the financial dynamics within the PBS system, including payments among builders and block proposers---commonly referred to as bribes. We introduce an MEV-time law quantifying the expected MEV revenue w.r.t. the time elapsed since the last proposed block. We provide empirical evidence that moments of crisis (e.g. the FTX collapse, USDC stablecoin de-peg) coincide with significant spikes in MEV payments compared to the baseline.

Despite the intention of the PBS architecture to enhance decentralization by separating actor roles, it remains unclear whether its design is optimal. Implicit trust assumptions and conflicts of interest may benefit particular parties and foster the need for vertical integration. MEV-Boost was explicitly designed to foster decentralization, causing the side effect of enabling risk-free sandwich extraction from unsuspecting users, potentially raising concerns for regulators.

Jeongeun Park, Sergi Rovira
ePrint Report
In this paper, we introduce a new approach to efficiently compute TFHE bootstrapping keys for (predefined) multiple users. Hence, a fixed number of users can enjoy the same level of efficiency as in the single key setting, keeping their individual input privacy. Our construction relies on a novel algorithm called homomorphic indicator, which can be of independent interest. We provide a detailed analysis of the noise growth and a set of secure parameters suitable to be used in practice. Moreover, we compare the complexity of our technique with other state-of-the-art constructions and show which method performs better in what parameter sets, based on our noise analysis. We also provide a prototype implementation of our technique. To the best of our knowledge, this is the first implementation of TFHE in the multiparty setting.

Laura Hetz, Thomas Schneider, Christian Weinert
ePrint Report
Mobile contact discovery is a convenience feature of messengers such as WhatsApp or Telegram that helps users to identify which of their existing contacts are registered with the service. Unfortunately, the contact discovery implementation of many popular messengers massively violates the users' privacy as demonstrated by Hagen et al. (NDSS '21, ACM TOPS '23). Unbalanced private set intersection (PSI) protocols are a promising cryptographic solution to realize mobile private contact discovery; however, state-of-the-art protocols do not scale to real-world database sizes with billions of registered users in terms of communication and/or computation overhead.

In our work, we make significant steps towards truly practical large-scale mobile private contact discovery. For this, we combine and substantially optimize the unbalanced PSI protocol of Kales et al. (USENIX Security '19) and the private information retrieval (PIR) protocol of Kogan and Corrigan-Gibbs (USENIX Security '21). Our resulting protocol has a total communication overhead that is sublinear in the size of the server's user database and also has sublinear online runtimes. We optimize our protocol by introducing database partitioning and efficient scheduling of user queries. To handle realistic change rates of databases and contact lists, we propose and evaluate different possibilities for efficient updates. We implement our protocol on smartphones and measure online runtimes of less than 2s to query up to 1024 contacts from a database with more than two billion entries. Furthermore, we achieve a reduction in setup communication up to factor 32x compared to state-of-the-art mobile private contact discovery protocols.

Zhengjun Cao, Lihua Liu
ePrint Report
We remark that the key agreement scheme [IEEE Trans. Veh. Technol. 2021, 70(2): 1736--1751] fails to keep anonymity and untraceability, because the user $U_k$ needs to invoke the public key $PK_{U_j}$ to verify the signature generated by the user $U_j$. Since the public key is compulsively linked to the true identity $ID_{U_j}$ for authentication, any adversary can reveal the true identity by checking the signature.

26 May 2023

Santa Barbara, USA, 20 August 2023
Event Calendar
Event date: 20 August 2023
Submission deadline: 15 June 2023

University of St.Gallen, Switzerland
Job Posting
We are looking for a bright and motivated PhD student to work in the topics of information security and cryptography.

The student is expected to work on topics that include security and privacy issues in authentication. More precisely, the student will be working on investigating efficient and privacy-preserving authentication that provides: i) provable security guarantees, and ii) rigorous privacy guarantees.

Key Responsibilities:
  • Perform exciting and challenging research in the domain of information security and cryptography.
  • Support and assist in teaching computer security and cryptography courses.
Profile:
  • The PhD student is expected to have a MSc degree or equivalent, and strong background in cryptography, network security and mathematics.
  • Experience in one or more domains such as cryptography, design of protocols, secure multi-party computation and differential privacy is beneficial.
  • Excellent programming skills.
  • Excellent written and verbal communication skills in English
The Chair of Cyber Security, https://cybersecurity.unisg.ch/, is a part of the Institute of Computer Science (ICS) at the University of St.Gallen. The chair was established in autumn semester 2020 and is led by Prof. Dr. Katerina Mitrokotsa. Our research interests are centered around information security and applied cryptography, with the larger goal of safeguarding communications and providing strong privacy guarantees. We are currently active in multiple areas including the design of provably secure cryptographic protocols and cryptographic primitives that can be employed for reliable authentication, outsourcing computations in cloud-assisted settings, network security problems as well as secure and privacy-preserving machine learning. As a doctoral student you will be a part of the Doctoral School of Computer Science (DCS), https://dcs.unisg.ch.

The starting date for the position is flexible and comes with a very competitive salary. The selection process runs until the suitable candidate has been found.

Closing date for applications:

Contact:
Eriane Breu, eriane.breu@unisg.ch (Administrative matters)
Prof. Katerina Mitrokotsa, katerina.mitrokotsa@unisg.ch (Research related questions)


University of St.Gallen, Switzerland
Job Posting
There is an open call for a Postdoc position in the Cyber Security and Applied Cryptography research group at the Institute of Computer Science, University of St.Gallen, led by Prof. Katerina Mitrokotsa.

Our research interests are centered around information security and applied cryptography, with the larger goal of safeguarding communications and providing strong privacy guarantees. We are active in several areas, a subset of which include:
  • Verifiable computation
  • Secure, private and distributed aggregation
  • Secure multi-party computation
  • Privacy-preserving biometric authentication
  • Anonymous credentials
  • Distributed and privacy-preserving authentication
Candidates should have a strong background in applied cryptography and provable security, and be able to work independently and also collaborate in a team. Applicants must hold a Ph.D., with contributions in the relevant research topics, and have publications in good venues.

The starting date for the position is flexible and comes with a very competitive salary. The selection process runs until the suitable candidate has been found. The University of St.Gallen conducts excellent research with international implications. The city of St.Gallen is located one hour from Zurich and offers a high quality of life.

Closing date for applications:

Contact:
Eriane Breu, eriane.breu@unisg.ch (Administrative matters)
Prof. Katerina Mitrokotsa, katerina.mitrokotsa@unisg.ch (Research related questions)


University of Klagenfurt; Klagenfurt, Austria
Job Posting

The University of Klagenfurt in southern Austria is looking for a Professor of Cybersecurity:

https://jobs.aau.at/en/job/professor-of-cybersecurity/

Application deadline is 18 June 2023.

Closing date for applications:

Contact: Wolfgang Faber

More information: https://jobs.aau.at/en/job/professor-of-cybersecurity/


Fraunhofer Institute for Applied Information Technology FIT, Aachen/Sankt Augustin, Germany
Job Posting

The Fraunhofer-Gesellschaft (www.fraunhofer.com) currently operates 76 institutes and research institutions throughout Germany and is the world’s leading applied research organization. We at Fraunhofer FIT are an excellent partner for the human-centric design of our digital future. Some 350 scientists are working within interdisciplinary teams on innovative solutions for current challenges in the domains of Digital Energy, Health and Sustainability as well as Human-centered Engineering & Design, Data Science & AI, Business & Information Systems Engineering, Microsimulation, and Cooperation Systems like Blockchain.

Are you interested in research & practical projects around the topic Data Privacy and Data Spaces? Then take the chance and become part of our department Data Science and Artificial Intelligence in Aachen/Sankt Augustin in Germany!

Our research group, Data Protection and Sovereignty, is dedicated to developing cutting-edge solutions that ensure the security and privacy of sensitive data in real-world data-driven use-cases across various application domains. These include, but are not limited to, cybersecurity, data spaces, energy, supply chain, finance, and health. Data sovereignty, the ability of individuals or entities to have complete control over their data, requires advanced technologies beyond anonymization, such as homomorphic encryption (HE), secure multi-party computation (MPC), and differential privacy. As a part of this team, you will conduct research and develop secure solutions for real-world use-cases (e.g., data spaces, machine learning applications, secure data exchange, distributed systems) to enable data privacy and data sovereignty with partners from industry and research, in national and international projects.

Apply here: https://jobs.fraunhofer.de/job/Sankt-Augustin-Junior-Research-Group-LeaderPostdoc-%28mfd%29-in-the-area-of-Data-Privacy-and-Data-Sovereignty-53757/936608601/

Closing date for applications:

Contact: Dr. Avikarsha Mandal

More information: https://jobs.fraunhofer.de/job/Sankt-Augustin-Junior-Research-Group-LeaderPostdoc-%28mfd%29-in-the-area-of-Data-Privacy-and-Data-Sovereignty-53757/936608601/


Technical University of Denmark, Section for Cybersecurity Engineering
Job Posting
We are looking for a bright, ambitious, and motivated PhD student to join the cryptography group in the Cybersecurity Engineering Section at DTU Compute in the Copenhagen region of Denmark. The 3-year PhD position will preferably start on 1 January 2024.
The goal of the PhD project is to improve the state of threshold post-quantum cryptography. You will join the growing cryptography team at DTU and be able to work with researchers in- and outside of the Copenhagen region and Denmark.

Closing date for applications:

Contact: Carsten Baum

More information: https://efzu.fa.em2.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX_1/job/1763/?utm_medium=jobshare


OpenZeppelin
Job Posting
OpenZeppelin is the premier crypto cybersecurity technology and services company, trusted by the most used DeFi and NFT projects in the world.

The security services team at OpenZeppelin is responsible for the planning, execution, and delivery of Security Audits for the world’s leading web3 organizations and protocols.

What you'll be doing:
1. Review smart contracts for the top decentralized applications before they get launched and present findings and vulnerabilities that the protocol can have to the client.
2. Team up with one or two auditors and review code line by line and try to hack it.
3. Working on proposals to make code easier to understand and use in the future by sharing good practices
4. Conduct open-ended research around cutting edge blockchain technologies
5. Paid time to conduct research and contribute to OpenZeppelin’s projects and knowledge

Benefits
1. Unlimited holidays
2. Fully remote: your way of working
3. Paid parental leave & benefits for primary or second caregiver
4. Team events: onboarding tour & company retreats in different locations around the world
5. Work from home office equipment stipend of up to $500 USD
6. Monthly allowance for wellness activities
7. Coworking: access to a coworking space of your choice
8. Learning: technical training; spoken language lessons in any language of your choice (using Italki)

Closing date for applications:

Contact: David Bessin

More information: https://www.openzeppelin.com/jobs/opening?gh_jid=4254142003


OpenZeppelin
Job Posting
Founded in 2015, OpenZeppelin is the premier crypto cybersecurity technology and services company, trusted by the most used DeFi and NFT projects in the world. Our mission is to protect the open economy, safeguarding tens of billions of dollars in funds for leading crypto organizations including Aave, Coinbase, Compound, Ethereum Foundation, TheGraph and many others. The security services team at OpenZeppelin is responsible for the planning, execution, and delivery of Security Audits for the world’s leading web3 organizations and protocols. We are looking to bolster this team by adding specialized cryptographer roles to lead technical audits of ZK projects and perform independent research. The ZK cryptography researcher is responsible for auditing cryptographic implementations of ZK protocols, alongside our experienced team of security researchers that are analyzing the on-chain components of these protocols. This role will also be in charge of leading cryptography research on the team. Check out the link for a full job description.

Closing date for applications:

Contact: David Bessin

More information: https://www.openzeppelin.com/jobs/opening?gh_jid=5612131003


CISPA Helmholtz Center for Information Security; Saarbrücken, Germany
Job Posting

Wouter Lueks (https://wouterlueks.nl) has fully-funded PhD and post-doc positions available in the area of privacy-enhancing technologies at CISPA Helmholtz Center for Information Security. His research group is interested in designing end-to-end privacy-friendly systems that solve real-world problems. His research covers three broad areas to achieve this goal: (1) applied cryptography; (2) systems building for anonymity; and (3) the evaluation of privacy-friendly systems.

Applicants for a PhD position should hold a bachelor’s or master’s degree in Computer Science, Mathematics, or a related field, and have an interest in privacy, security and/or cryptography. Post-doc applicants should hold a PhD in a related field, and have a proven publication record with publications in top venues (e.g., USENIX, S&P, NDSS, or CCS) or specific privacy venues (e.g., PETS).

For more information, including instructions for how to apply, see: https://wouterlueks.nl/positions/. If you have any questions, please don’t hesitate to reach out by email. Applications will be considered on a rolling basis.

Closing date for applications:

Contact: Wouter Lueks (lueks .at. cispa .dot. de)

More information: https://wouterlueks.nl/positions/


University of Wollongong, Australia
Job Posting
The School of Computing and Information Technology (SCIT) is looking to recruit an enthusiastic staff member to support teaching and research within SCIT, particularly in the cybersecurity domain, which includes flexible delivery, online degrees and micro-credentials. SCIT aims to maintain its position as a world class Research School and this position is expected to contribute towards that aim. There are key challenges the Lecturer will be required to meet, including but not limited to:
  • Conduct original research of lasting significance and disseminate it
  • Apply and be awarded external research grants
  • Develop teaching material
  • Help maintain an enthusiastic and productive collegial environment as you teach and inspire students
Please apply online only. No email application is accepted.

Closing date for applications:

Contact: Prof. Willy Susilo

More information: https://www.uow.edu.au/about/jobs/jobs-available/?fbclid=IwAR1UDzq77c_MqIg_kcxsiFkkp25WoGWErpkK7EIVegHIlOAKqgC8dXvphlQ#en/sites/CX_1/requisitions/preview/3486/?lastSelectedFacet=POSTING_DATES&selectedPostingDatesFacet=30


25 May 2023

Carlos Aguilar-Melchor, Andreas Hülsing, David Joseph, Christian Majenz, Eyal Ronen, Dongze Yue
ePrint Report
The MPC in the Head (MPCitH) paradigm has recently led to significant improvements for signatures in the code-based setting. In this paper we consider some modifications to a recent twist of MPCitH, called Hypercube-MPCitH, that in the code-based setting provides the currently best known signature sizes. By compressing the Hypercube-MPCitH five round code-based identification into three rounds we obtain two main benefits. On the one hand, it allows us to further develop recent techniques to provide a tight security proof in the quantum-accessible random oracle model (QROM), avoiding the catastrophic reduction losses incurred using generic QROM-results for Fiat-Shamir. On the other hand, we can reduce the already low-cost online part of the signature to just a hash and some serialization. In addition, we propose the introduction of proof-of-work techniques to allow for a reduction in signature size. On the technical side, we develop generalizations of several QROM proof techniques and introduce a variant of the recently proposed extractable QROM.

Manuel Barbosa, Andreas Hülsing
ePrint Report
In this short note we give another direct proof for the variant of the FO transform used by Kyber in the QROM. At PKC'23 Maram & Xagawa gave the first direct proof which does not require the indirection via FO with explicit rejection, thereby avoiding either a non-tight bound, or the necessity to analyze the failure probability in a new setting. However, on the downside their proof produces a bound that incurs an additive collision bound term. We explore a different approach for a direct proof, which results in a simpler argument closer to prior proofs, but a slightly worse bound.

Nir Bitansky, Chethan Kamath, Omer Paneth, Ron Rothblum, Prashant Nalina Vasudevan
ePrint Report
Batch proofs are proof systems that convince a verifier that $x_1,\dots, x_t \in L$, for some $NP$ language $L$, with communication that is much shorter than sending the $t$ witnesses. In the case of statistical soundness (where the cheating prover is unbounded but the honest prover is efficient), interactive batch proofs are known for $UP$, the class of unique witness $NP$ languages. In the case of computational soundness (aka arguments, where both honest and dishonest provers are efficient), non-interactive solutions are now known for all of $NP$, assuming standard cryptographic assumptions. We study the necessary conditions for the existence of batch proofs in these two settings. Our main results are as follows.

1. Statistical Soundness: the existence of a statistically-sound batch proof for $L$ implies that $L$ has a statistically witness indistinguishable ($SWI$) proof, with inverse polynomial $SWI$ error, and a non-uniform honest prover. The implication is unconditional for public-coin protocols and relies on one-way functions in the private-coin case.

This poses a barrier for achieving batch proofs beyond $UP$ (where witness indistinguishability is trivial). In particular, assuming that $NP$ does not have $SWI$ proofs, batch proofs for all of $NP$ do not exist. This motivates further study of the complexity class $SWI$, which, in contrast to the related class $SZK$, has been largely left unexplored.

2. Computational Soundness: the existence of batch arguments ($BARG$s) for $NP$, together with one-way functions, implies the existence of statistical zero-knowledge ($SZK$) arguments for $NP$ with roughly the same number of rounds, an inverse polynomial zero-knowledge error, and non-uniform honest prover.

Thus, constant-round interactive $BARG$s from one-way functions would yield constant-round $SZK$ arguments from one-way functions. This would be surprising as $SZK$ arguments are currently only known assuming constant-round statistically-hiding commitments (which in turn are unlikely to follow from one-way functions).

3. Non-interactive: the existence of non-interactive $BARG$s for $NP$ and one-way functions implies non-interactive statistical zero-knowledge arguments ($NISZKA$) for $NP$, with negligible soundness error, inverse polynomial zero-knowledge error, and non-uniform honest prover. Assuming also lossy public-key encryption, the statistical zero-knowledge error can be made negligible. We further show that $BARG$s satisfying a notion of honest somewhere extractability imply lossy public key encryption.

All of our results stem from a common framework showing how to transform a batch protocol for a language $L$ into an $SWI$ protocol for $L$.

Kaizhan Lin, Weize Wang, Zheng Xu, Chang-An Zhao
ePrint Report
Isogeny-based cryptography is famous for its short key size. As one of the most compact digital signatures, SQISign (Short Quaternion and Isogeny Signature) is attractive among post-quantum cryptography, but it is inefficient compared to other post-quantum competitors because of complicated procedures in ideal to isogeny translation, which is the efficiency bottleneck of the signing phase. In this paper, we recall the current implementation of SQISign and mainly discuss how to improve the execution of ideal to isogeny translation in SQISign. To be precise, we modify the SigningKLPT algorithm to accelerate the performance of generating the ideal $I_\sigma$. In addition, we explore how to save one of the two elliptic curve discrete logarithms and compute the remainder with the help of the reduced Tate pairing correctly and efficiently. We speed up other procedures in ideal to isogeny translation with various techniques as well. It should be noted that our improvements also benefit the performances of key generation and verification in SQISign. In particular, in the instantiation with p3923 the improvements lead to a speedup of 8.82%, 8.50% and 18.94% for key generation, signature and verification, respectively.