International Association
for Cryptologic Research

What you do? 1. Design and implement the proving system algorithms that are to be used in zkEVM/zkVM solutions. 2. Optimize Elliptic Curve Primitives and proof generation processes. 3. Survey the emerging zkEVM, zkVM, and various ZKP protocols with in-depth understanding on their academic papers and code implementations. Requirements: 1. Strong background in Math, Cryptography, or Zero Knowledge Proof. 2 Solid experience on Plonk & Halo2 proving systems with both BN and BLS Elliptic Curve families. 3. Proficiency in Rust & Go. 4. Ability to pick up new things beyond cryptography (i.e. details of EVM). 5. Experience in blockchain infrastructure development or cryptography preferred.

Closing date for applications:

Contact: mia

We are looking for a PhD candidate in Secure Computation, focusing on Multiparty Computation (and related cryptographic protocols), and its applications to Machine Learning. For a complete description of the position and to apply, please see: https://www.universiteitleiden.nl/en/vacancies/2023/q3eng/23-48013889phd-candidate-privacy-preserving-machine-learning

Closing date for applications:

Contact: Eleftheria Makri: e.makri@liacs.leidenuniv.nl

More information: https://www.universiteitleiden.nl/en/vacancies/2023/q3eng/23-48013889phd-candidate-privacy-preserving-machine-learning

We are seeking a highly motivated candidate for a fully funded PhD position in Code-Based Cryptography/Cryptanalysis, focusing on theoretical and practical cryptanalysis of code-based schemes, particularly the current NIST PQC candidates.

This position is a collaboration between Ruhr University Bochum (RUB) in Germany and the Technology Innovation Institute (TII) in Abu Dhabi. You will work closely with renowned experts Dr. Andre Esser from TII and Prof. Alexander May from RUB. The primary office is based at RUB, with generous travel opportunities and a planned multiple months research stay at the partnering TII.

The ideal candidate:

• Master's degree (obtained before the starting date) in mathematics, computer science, or a related field
• Strong knowledge of cryptology, particularly in code-based cryptography / cryptanalysis
• Excellent track record of completed classes in cryptography, cryptanalysis, coding theory, etc.
• Curiosity-driven, self-motivated and open to international exchange
• Proficient in spoken/written English as well as in any programming language
• Prior publications or contributed to research projects

You'll enjoy a fully funded position with a competitive salary (100%, E13) for three years, access to cutting-edge research facilities, collaboration with top experts, and ample travel opportunities. The program provides vibrant workplaces, exceptional networking possibilities, and the chance to conduct original research with direct impact on post-quantum cryptographic standards. Program conducted entirely in English, no German required. Starting date negotiable, ideally fall 2023.

To apply, please send the following documents via email:

• Cover letter expressing your interest in the position and summarizing your qualifications (1-2 pages)
• CV highlighting your educational background, research experience, and publications (if any)
• Copies of bachelor’s and master’s certificates
• Contact information for two or more academic references

We're excited to receive your application!

Closing date for applications:

Contact: Andre Esser (andre.esser@tii.ae)

We are looking for a motivated PhD student for a project in provable post-quantum security. The goal of the PhD is to investigate the hardness of mathematical problems supposed to resist quantum attacks. The project is funded by the Italian National Recovery and Resilience Plan (NRRP) DM117. For further information please visit: https://www.unitn.it/en/ateneo/110103/nrrp-dm117-2023 Online application: https://webapps.unitn.it/Apply/en/Web/Home/dott

Closing date for applications:

Contact: Marco Calderini

The Applied Cryptography Group at Technical University of Darmstadt offers a fully funded post-doc position as part of the ERC project CRYPTOLAYER. The goal of this project is to develop cryptographic tools to improve the privacy, scalability and security of next-generation blockchain protocols. Topics of interest include (but are not limited to) threshold cryptography, second-layer protocols, cryptographic wallets, multiparty computation, zero-knowledge and more. You will conduct research and publish/present the results at top venues for research in cryptography and IT Security. The position is to be filled as soon as possible for initially 2 years with the possibility of an extension.

Your profile:

• Completed PhD degree (or equivalent) at a top university in IT security, computer science, mathematics, electrical engineering, or a similar area.
• Publications at top venues for cryptography/IT Security (e.g., EUROCRYPT, CRYPTO, ASIACRYPT, S&P, CCS, TCC),
• Good knowledge in one of the topics mentioned above is a plus.
• Experience in project management and supervising students is a plus.

Your application should contain a CV, list of publications, a short research statement and at least one contact for a reference letter.

TU Darmstadt is a top research university for IT Security, Cryptography, and Computer Science in Europe. We offer an excellent working environment in the heart of the Frankfurt Metropolitan Area, which is internationally well-known for its high quality of life. The review of applications starts immediately until the position is filled.

Closing date for applications:

Contact: Sebastian Faust

The Applied Cryptography Group at Technical University of Darmstadt offers a fully funded Ph.D. position in cryptography. Topics of interest include (but are not limited to) threshold cryptography, cryptography for blockchains, leakage resilient cryptography, multiparty computation and more. You will conduct research and publish/present the results at top venues for research in cryptography and IT Security. The position is to be filled as soon as possible for initially 3 years with the possibility of an extension.

Your profile:

• Completed Master's degree (or equivalent) with excellent grades in computer science, mathematics, or a similar area.
• Strong mathematical and/or algorithmic/theoretical CS background
• Good knowledge in one of the topics mentioned above is a plus.
• Fluent in English

Your application should contain a CV, record of grades, a short motivation letter and at least one contact for a reference letter.

TU Darmstadt is a top research university for IT Security, Cryptography, and Computer Science in Europe. We offer an excellent working environment in the heart of the Frankfurt Metropolitan Area, which is internationally well-known for its high quality of life. The review of applications starts immediately until the position is filled.

Closing date for applications:

Contact: Sebastian Faust

There is an open call for a Postdoc position in the Cyber Security and Applied Cryptograhy research group at the Institute of Computer Science, University of St.Gallen, led by Prof. Katerina Mitrokotsa.

Our research interests are centered around information security and applied cryptography, with the larger goal of safeguarding communications and providing strong privacy guarantees. We are active in several areas, a subset of which include:

• Verifiable computation
• Secure, private and distributed aggregation
• Secure multi-party computation
• Privacy-preserving biometric authentication
• Anonymous credentials
• Distributed and privacy-preserving authentication

Candidates should have a strong background in applied cryptography and provable security, are able to work independently and also collaborate in a team. Applicants must hold a Ph.D., with contributions in the relevant research topics and have publications in good venues.

The starting date for the position is flexible and come with a very competitive salary. The selection process runs until the suitable candidate has been found. The University of St.Gallen conducts excellent research with international implications. The city of St.Gallen is located one hour from Zurich and offers a high quality of life.

Please apply by 20th July 2023 through the job portal (via link).

Closing date for applications:

Contact: Prof. Katerina Mitrokotsa - applications through job portal only.

More information: https://jobs.unisg.ch/offene-stellen/postdoc-fellow-in-cryptography-information-security-m-f-d/25ddb9d0-5c47-41ac-8bde-5789dbaca5c4

We are looking for a bright and motivated PhD student to work in the topics of information security and cryptography.

The student is expected to work on topics that include security and privacy issues in authentication. More precisely, the student will be working on investigating efficient and privacy-preserving authentication that provides: i) provable security guarantees, and ii) rigorous privacy guarantees.

Key Responsibilities:

• Perform exciting and challenging research in the domain of information security and cryptography.
• Support and assist in teaching computer security and cryptography courses.

Profile:

• The PhD student is expected to have a MSc degree or equivalent, and strong background in cryptography, network security and mathematics.
• Experience in one or more domains such as cryptography, design of protocols, secure multi-party computation and differential privacy is beneficial.
• Excellent programming skills.
• Excellent written and verbal communication skills in English

The Chair of Cyber Security, https://cybersecurity.unisg.ch/, led by Prof. Katerina Mitrokotsa, is a part of the Institute of Computer Science (ICS) at the University of St.Gallen. Our research interests are centered around information security and applied cryptography, with the larger goal of safeguarding communications and providing strong privacy guarantees. We are currently active in multiple areas including the design of provably secure cryptographic protocols and cryptographic primitives that can be employed for reliable authentication, outsourcing computations in cloud-assisted settings, network security problems as well as secure and privacy-preserving machine learning. As a doctoral student you will be a part of the Doctoral School of Computer Science (DCS), https://dcs.unisg.ch.

The starting date for the position is flexible and come with a very competitive salary. The selection process runs until the suitable candidate has been found.

Please apply by 20th July 2023 through the job portal (via link).

Closing date for applications:

Contact: Prof. Katerina Mitrokotsa - applications through job portal only.

More information: https://jobs.unisg.ch/offene-stellen/funded-phd-student-in-applied-cryptography-privacy-preserving-authentication-m-f-d/e7a9e90b-02cd-45d0-ad4f-fc02131eaf86

Shor's algorithm solves the discrete logarithm problem (DLP) efficiently by taking advantage of the commutativity structure of the group underlying the problem. To counter Shor's algorithm, Horan et al. propose a DLP analogue in the semidirect product semigroup $G\rtimes \mathrm{End}(G)$, given a (semi)group $G$, to construct a quantum-resistant Diffie-Hellman key exchange based on it. For general (semi)groups, the semidirect product discrete logarithm problem (SPDLP) can be reduced to the hidden shift problem where Kuperberg's subexponential quantum algorithm is applicable. In this paper, we consider a specific case where $G$ is an elliptic curve over a finite field and we show that SPDLP on elliptic curves can be solved efficiently using an adaptation of Shor's algorithm for the standard elliptic curve discrete logarithm problem (ECDLP). This result points out that one should not use elliptic curves as the platforms for the semidirect product key exchange.

Zero-knowledge proof systems are becoming increasingly prevalent and being widely used to secure decentralized financial systems and protect the privacy of users. Given the sensitivity of these applications, zero-knowledge proof systems are a natural target for formal verification methods. We describe methods for checking one such proof system: Halo2. We use abstract interpretation and an SMT solver to check various properties of Halo2 circuits. Using abstract interpretation, we can detect unused gates, unconstrained cells, and unused columns. Using an SMT solver, we can detect under-constrained (in the sense that for the same public input they have two efficiently computable satisfying assignments) circuits. This is the first work we are aware of that applies lightweight formal methods to PLONKish arithmetization and Halo2 circuits.

We construct a succinct non-interactive argument ($\mathsf{SNARG}$) for the class of monotone policy batch $\mathsf{NP}$ languages under the Learning with Errors ($\mathsf{LWE}$) assumption. This class is a subclass of $\mathsf{NP}$ that is associated with a monotone function~$f:\{0,1\}^k\rightarrow\{0,1\}$ and an $\mathsf{NP}$ language $\mathcal L$, and contains instances $(x_1,\ldots,x_k)$ such that $f(b_1,\ldots,b_k)=1$ where $b_j=1$ if and only if $x_j\in \mathcal L$. Our $\mathsf{SNARG}$s are arguments of knowledge in the non-adaptive setting, and satisfy a new notion of somewhere extractability against adaptive adversaries.

This is the first $\mathsf{SNARG}$ under standard hardness assumptions for a sub-class of $\mathsf{NP}$ that is not known to have a (computational) non-signaling $\mathsf{PCP}$ with small locality. Indeed, our approach necessarily departs from the known framework of constructing $\mathsf{SNARG}$s dating back to [Kalai-Raz-Rothblum, STOC '13]

Our construction combines existing quasi-arguments for $\mathsf{NP}$ (based on batch arguments for $\mathsf{NP}$) with a novel ingredient which we call a predicate-extractable hash ($\mathsf{PEH}$) family. This notion generalizes the notion of a somewhere extractable hash. Whereas a somewhere extractable hash allows to extract a single input coordinate, our $\mathsf{PEH}$ extracts a global property of the input. We view this primitive to be of independent interest, and believe that it will find other applications.

The low-degree method postulates that no efficient algorithm outperforms low-degree polynomials in certain hypothesis-testing tasks. It has been used to understand computational indistinguishability in high-dimensional statistics.

We explore the use of the low-degree method in the context of cryptography. To this end, we apply it in the design and analysis of a new public-key encryption scheme whose security is based on Goldreich's pseudorandom generator. The scheme is a combination of two proposals of Applebaum, Barak, and Wigderson, and inherits desirable features from both.

Topological Data Analysis (TDA) offers a suite of computational tools that provide quantified shape features in high dimensional data that can be used by modern statistical and predictive machine learning (ML) models. In particular, persistent homology (PH) takes in data (e.g., point clouds, images, time series) and derives compact representations of latent topological structures, known as persistence diagrams (PDs). Because PDs enjoy inherent noise tolerance, are interpretable and provide a solid basis for data analysis, and can be made compatible with the expansive set of well-established ML model architectures, PH has been widely adopted for model development including on sensitive data, such as genomic, cancer, sensor network, and financial data. Thus, TDA should be incorporated into secure end-to-end data analysis pipelines. In this paper, we take the first step to address this challenge and develop a version of the fundamental algorithm to compute PH on encrypted data using homomorphic encryption (HE).

We construct the first tight verifiable delay function (VDF) where the evaluation algorithm only evaluates sequentially the function and hence outputs and empty proof, verification is independent of time parameter $T$ and setup has constant size parameters. Our VDF is based on repeated squaring in hidden order groups, but it requires that coins used to sample a random instance must be kept secret in order to guarantee sequentiality. We denote such a VDF as a private coin verifiable delay function and show that it can be used to obtain multiplicatively homomorphic non-interactive timed commitment with efficient publicly verifiable force decommitment algorithm.

Lattice-based cryptographic schemes such as Crystals-Kyber and Dilithium are post-quantum algorithms selected to be standardized by NIST as they are considered to be secure against quantum computing attacks. The multiplication in polynomial rings is the most time-consuming operation in many lattice-based cryptographic schemes, which is also subject to side-channel attacks. While NTT-based polynomial multiplication is almost a norm in a wide range of implementations, a relatively new method, incomplete-NTT is preferred to accelerate lattice-based cryptography, especially on some computing platforms that feature special instructions. In this paper, we present a novel, efficient and non-profiled power/EM side-channel attack targeting polynomial multiplication based on the incomplete NTT algorithm. We apply the attack on the Crystals-Dilithium signature algorithm and demonstrate that the method accelerates attack run-time when compared to conventional correlation power attacks (CPA). While a conventional CPA tests much larger hypothesis set due to the fact that it needs to predict two coefficients of secret polynomials together, we propose a much faster zero-value filtering attack (ZV-FA), which reduces the size of the hypothesis set by targeting the coefficients individually. We also propose an effective and efficient validation and correction technique to estimate and modify the mis-predicted coefficients. Our experimental results show that we can achieve a speed-up of 128.1× over conventional CPA using a total of 13K traces.

Zero-Knowledge proof systems are widely used as building blocks of different protocols, e.g., such as those supporting blockchains. A core element in Zero-Knowledge proof systems is the underlying PRF, usually modeled as a hash function that needs to be efficient over finite fields of prime order. Such hash functions are part of a newly developed paradigm known as Arithmetization-Oriented designs.

In this paper, we propose two new AO hash functions, XHash8 and XHash12 which are designed based on improving the bottlenecks in RPO [ePrint 2022/1577]. Based on our experiments, XHash8 performs $\approx2.75$ times faster than RPO, and XHash12 performs $\approx2$ times faster than RPO, while at the same time inheriting the security and robustness of the battle-tested Marvellous design strategy.

The problem of designing authenticated key establishment protocols has a rich history. Since 1976 more than a hundred different protocols have been proposed. But the task of comparing and classifying existing protocols is usually complicated by the fact that they are described in different terms and with different levels of detail. This paper contains intermediate results on enumeration and uniform description of AKE protocols. We publish it in order to get feedback on the description principles used. Here we describe 100 AKE protocols (there are much more such protocols, but we found these earlier) in identical terms and the same level of detail. The proposed descriptions are not structured (chronologically only) but classifying of these protocols is future work direction.

In recent years, personal and medical data collected through mobile apps has become a useful data source for researchers. Platforms like Apple ResearchKit try to make it as easy as possible for non-experts to set up such data collection campaigns. However, since the collected data is sensitive, it must be well protected. Methods that provide technical privacy guarantees often limit the usefulness of the data and results. In this paper, we model and analyze mobile data donation to better understand the requirements that must be fulfilled by privacy-preserving approaches. To this end, we give an overview of the functionalities researchers require from data donation apps by analyzing existing apps. We also create a model of the current practice and analyze it using the LINDDUN privacy framework to identify privacy threats.

In response to side-channel attacks on masked implementations of post-quantum cryptographic algorithms, a new bitsliced higher-order masked implementation of CRYSTALS-Kyber has been presented at CHES'2022. The bitsliced implementations are typically more difficult to break by side-channel analysis because they execute a single instruction across multiple bits in parallel. However, in this paper, we reveal new vulnerabilities in the masked Boolean to arithmetic conversion procedure of this implementation that make the shared and secret key recovery possible. We also present a new chosen ciphertext construction method which maximizes secret key recovery probability for a given message bit recovery probability. We demonstrate practical shared and secret key recovery attacks on the first-, second- and third-order masked implementations of Kyber-768 in ARM Cortex-M4 using profiled deep learning-based power analysis.

Suppose two parties have hash functions $h_1$ and $h_2$ respectively, but each only trusts the security of their own. We wish to build a hash combiner $C^{h_1, h_2}$ which is secure so long as either one of the underlying hash functions is. This question has been well-studied in the regime of collision resistance. In this case, concatenating the two hash outputs clearly works. Unfortunately, a long series of works (Boneh and Boyen, CRYPTO'06; Pietrzak, Eurocrypt'07; Pietrzak, CRYPTO'08) showed no (noticeably) shorter combiner for collision resistance is possible.

We revisit this pessimistic state of affairs, motivated by the observation that collision-resistance is insufficient for many applications of cryptographic hash functions anyway. We argue the right formulation of the "hash combiner" is what we call random oracle (RO) combiners.

Indeed, we circumvent the previous lower bounds for collision resistance by constructing a simple length-preserving RO combiner $$\widetilde{C}_{\mathcal{Z}_1,\mathcal{Z}_2}^{h_1,h_2}(M) = h_1(M, \mathcal{Z}_1) \oplus h_2(M, \mathcal{Z}_2),$$ where $\mathcal{Z}_1, \mathcal{Z}_2$ are random salts of appropriate length. We show that this extra randomness is necessary for RO combiners, and indeed our construction is somewhat tight with this lower bound.

On the negative side, we show that one cannot generically apply the composition theorem to further replace "monolithic" hashes $h_1$ and $h_2$ by some simpler indifferentiable construction (such as the Merkle-Damgård transformation) from smaller components, such as fixed-length compression functions. Despite this issue, we directly prove collision resistance of the Merkle-Damgård variant of our combiner, where $h_1$ and $h_2$ are replaced by iterative Merkle-Damgård hashes applied to fixed-length compression functions. Thus, we can still subvert the concatenation barrier for collision-resistance combiners using practically small components.