International Association for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage.

05 December 2023

AIT Austrian Institute of Technology; Vienna, Austria
Job Posting
AIT is Austria's largest research and technology organisation for applied research, located in Vienna.
The cryptography team is conducting research in the domain of public key cryptography, including secure communication, privacy-enhancing technologies, and long-term and post-quantum security. Our research covers the full spectrum from idea creation to the development of prototypes and demonstrators.

The team is seeking to grow, and is therefore offering a scientist position in cryptography.

Requirements:
  • PhD (or equivalent) in computer science or a related field, with a specialization on (public-key) cryptology
  • Profound knowledge and experience in (public key) cryptography, including, e.g.: federated computation, secure communication, long-term and post-quantum security, privacy-enhancing technologies, real world crypto, zero-knowledge proofs and zkSNARKs.
  • Strong track record with publications at competitive academic conferences or journals
  • Experience in the acquisition and execution of national and transnational research projects (e.g., Horizon 2020) is a plus
  • Good knowledge of a programming language (e.g., C/C++, Rust, Python, Java) and software development is a plus
  • Very good written and oral English skills; knowledge of German is not a requirement but willingness to learn German is expected
AIT values diversity and is committed to equality.

The minimum gross annual salary on a full-time basis (38,5 h / week) according to the collective agreement is EUR 61.614,--. The actual salary will be determined individually, based on your qualifications and experience. In addition, we offer company benefits, flexible working conditions, individual training and career opportunities.

All applications (including cover letter, full CV, at least 2 references) need to be submitted using the following link: https://jobs.ait.ac.at/Job/218885

Closing date for applications:

Contact: Stephan Krenn (stephan.krenn@ait.ac.at)

More information: https://jobs.ait.ac.at/Job/218885


04 December 2023

Rockville, USA, 23 July - 25 July 2024
Event Calendar
Event date: 23 July to 25 July 2024
Submission deadline: 27 May 2024
Notification: 10 June 2024
Duality Technologies, Hoboken, NJ
Job Posting

We are currently hiring a Scientist to join our Advanced Research and Cryptography team. In this role you will be an integral part of a team developing and implementing cryptographic protocols for encrypted computations. The Advanced Research and Cryptography team includes well-known researchers and is a major contributor to the OpenFHE software library.

The ideal candidate is expected to have a strong background in lattice-based cryptography and/or fully homomorphic encryption. Experience in secure multiparty computation and/or zero-knowledge proofs is nice to have. Software prototyping experience is important, and C++ prototyping skills are preferred.

This position offers flexibility, with the expectation of working in a hybrid mode (at our Hoboken, NJ office). Candidates can start working remotely. More information is available at https://dualitytech.com/careers/cryptography-scientist-2/.

Closing date for applications:

Contact: Yuriy Polyakov (ypolyakov@dualitytech.com)

More information: https://dualitytech.com/careers/cryptography-scientist-2/

University of Connecticut, School of Computing
Job Posting
Several fully-funded PhD student openings for Fall 2024 are available in cryptography, computer security, privacy, and blockchain-based systems at the University of Connecticut (UConn), School of Computing, led by Prof. Ghada Almashaqbeh.

The positions provide a great opportunity for students with interest in interdisciplinary projects that combine knowledge from various fields towards the design of secure systems and protocols. We target real-world and timely problems and aim to develop secure and practical solutions backed by rigorous foundations and efficient implementations/thorough performance testing. We are also interested in theoretical projects that contribute in devising new models in Cryptography and Privacy.

For more information about our current and previous projects please check https://ghadaalmashaqbeh.github.io/research/. For interested students, please send your CV to ghada@uconn.edu and provide any relevant information about your research interests, and relevant skills and background.

Closing date for applications:

Contact: Ghada Almashaqbeh

More information: https://ghadaalmashaqbeh.github.io/research/

University College London, Information Security Research Group
Job Posting

The Department of Computer Science at University College London (UCL) invites applications for a faculty position in Information Security. We seek world-class talent; candidates must have an outstanding research track record. Appointments will be made at the rank of Lecturer (equivalent to Assistant Professor), Associate Professor or Professor, depending on experience.

We seek applicants with expertise and experience that complements or builds on our current strengths, including but not limited to, the areas of: human factors in security, systems and network security, machine learning and security, cybercrime, online safety, cryptography, embedded systems security, and software security.

Key dates

  • Information session: 12 December 2023, 2–3pm (UK time)
  • Closing date: 31 January 2024
  • Interviews: 26 February to 8 March 2024

Closing date for applications:

Contact: Steven Murdoch (s.murdoch AT ucl.ac.uk)

More information: https://sec.cs.ucl.ac.uk/hiring-2024/

Federal University of Minas Gerais, Department of Computer Science; Belo Horizonte, Brazil
Job Posting
We have three postdoctoral positions in Computer Science - Cybersecurity, starting from March 2024 in Brazil. Successful candidates will join us in the insightful and challenging research project “MENTORED: From Modeling to Experimentation - Predicting and Detecting DDoS and Zero-day attacks” from MCTIC/FAPESP. The team of the MENTORED project comprises researchers from different institutions in Brazil, having as Principal Investigator Prof. Michele Nogueira. Each successful candidate will receive a FAPESP postdoctoral fellowship, a monthly stipend of R$ 9.047,40, and research contingency funds (15% of the annual value of the fellowship per year). Further details on the FAPESP webpage: http://www.fapesp.br/en/5427.

Application deadline: until the position is filled.

Application e-mail: mentored.project@gmail.com

For questions: michele@dcc.ufmg.br

For further information about the positions, please see: https://mentored.dcc.ufmg.br/calls (postdoctoral open positions - EN)

About the project

The research project MCTI/FAPESP MENTORED (From Modeling to Experimentation: Predicting and Detecting DDoS and Zero-day attacks) in Cybersecurity has three (3) postdoctoral fellowship open positions in Brazil. Successful candidates must have completed their Ph.D. in Computer Science, Engineering, or equivalent less than seven years ago. The candidate must provide a history of relevant research in areas such as Computer Networks, Network Security, or the Internet of Things. For further information, please send a message to mentored.project@gmail.com

Closing date for applications:

Contact: Michele Nogueira - mentored.project@gmail.com

More information: https://mentored.dcc.ufmg.br/calls

Nillion
Job Posting
Nillion is a Web3 infrastructure project based on a novel cryptographic innovation called NMC. This new technology enables decentralized data storage and computation.

As a Cryptography Researcher at Nillion, you will research, design, and define cryptographic protocols within the larger framework of distributed systems, formally proving their security. You will be responsible for conducting groundbreaking research that will lead to commercially viable and reliable products by analyzing, proposing, and validating cryptography solutions within a decentralized computing environment.

Requirements:

  • 5+ years of academic research experience in cryptography
  • Qualified to a PhD or Postdoc degree in cryptography
  • Several international scientific publications
  • Deep understanding of MPC
  • Excellent verbal and written communication skills in English
  • Extensive experience working with internal and external stakeholders
  • Have highly effective communication, interpersonal and critical thinking skills
  • Ability to understand, formally describe and prove mathematical concepts in writing
  • The ability to write formal security proofs in the UC framework
  • Publications in the domain of MPC, ZKP or FHE

Responsibilities:

  • Developing new protocols and their security proofs
  • Creating variants of existing protocols (synchronous/asynchronous, computational/ITS, passive/active, static/mobile adversaries, boolean/arithmetic, etc.)
  • Verifying existing Nillion protocols and their security proofs
  • Proof-reading existing written material (e.g. technical whitepaper)
  • Writing new security proofs for existing Nillion protocols
  • Optimizing existing protocols for performance
  • Giving internal presentations for educational purposes
  • Participating in brainstorming sessions for new ideas

Closing date for applications:

Contact: James Williams (James.Williams@Nillion.com)

Koç University
Job Posting
Koç University, College of Engineering seeks candidates to serve as part-time instructors to teach undergraduate-level Computer Engineering courses including Introduction to Programming with Python, Advanced Object-Oriented Programming with Java, Programming Language Concepts and Operating Systems. The candidate should have a graduate degree, PhD or MS, in an area related to computer science, data science, statistics, mathematics, or engineering with proficiency in Python, Java, or Systems Programming, a preferred teaching experience of 2+ years, and high motivation for teaching.

Koç University is a private, non-profit institution located on a state-of-the-art campus in Istanbul, Turkey. The University is supported by the Vehbi Koç Foundation and is committed to the pursuit of excellence in both teaching and research. The medium of instruction is English.

Applicants should send a cover letter, a current CV, and a statement of teaching interests to comp-instructor23-group@ku.edu.tr. Please include the names and email addresses of at least three references in your application. All applications completed by December 15, 2023, will receive full consideration, but candidates are urged to submit all required materials as soon as possible. Applications will be reviewed until the positions are filled.

Closing date for applications:

Contact: comp-instructor23-group@ku.edu.tr

More information: https://cs.ku.edu.tr/open-positions/faculty-positions/

Koç University
Job Posting
Koç University College of Engineering invites applications for Full-time Faculty positions in Computer Science and Engineering starting in Fall 2024. Outstanding applicants with strong theoretical research contributions in all areas of computer science and engineering are invited to apply for the position. The ideal candidates are expected to have a visionary research agenda with an exceptional track record in research and publication, demonstrating a deep commitment to academic excellence and innovation; together with a keen commitment to teaching and learning.

Faculty members are expected to teach undergraduate and graduate courses in addition to maintaining a vigorous research program, collaborating across multiple disciplines, and leveraging the research infrastructure of Koç University such as Koç University Is Bank Artificial Intelligence Research Center (KUIS AI) and Koç University Translational Medicine Research Center (KUTTAM).

Koç University is a private, nonprofit institution located on a state-of-the-art campus in Istanbul, Turkey. The medium of instruction is English. Koç University hosts the highest number of European Research Council (ERC) Grant recipients and continues to receive the largest total amount of research funding from Horizon 2020 in the nation.

We are looking for outstanding individuals who are able to build strong research and teaching programs and who can develop into intellectual leaders. It is also important that the candidates interact closely with colleagues across different disciplines and contribute positively to the successful advancement of the College. We offer a competitive salary and benefit package (e.g., housing support, private insurance, K12 package, research startup support).

Applicants should submit their application online at Academic Jobs Online: CV, a statement of teaching interests, a description of the proposed research program, and the names and addresses of at least three references. The evaluation of applications will commence in mid-January and will continue until the positions are filled. All applications will be considered and treated confidentially.

Closing date for applications:

Contact: Questions regarding the position can be directed to Asst. Prof. Gözde Gül Şahin (gosahin{at}ku.edu.tr) and Assoc. Prof. Aykut Erdem (aerdem{at}ku.edu.tr), chair of this faculty search committee.

More information: https://academicjobsonline.org/ajo/jobs/26651

Fu Yao, Hua Chen, Yongzhuang Wei, Enes Pasalic, Feng Zhou, Limin Fan
ePrint Report
Threshold Implementation (TI) is a well-known Boolean masking technique that provides provable security against side-channel attacks. In the presence of glitches, the probing model was replaced by the so-called glitch-extended probing model which specifies a broader security framework. In CHES 2021, Shahmirzadi et al. introduced a general search method for finding first-order 2-share TI schemes without fresh randomness (under the presence of glitches) for a given encryption algorithm. Although it handles well single-output Boolean functions, this method has to store output shares in registers when extended to vector Boolean functions, which results in more chip area and increased latency. Therefore, the design of TI schemes that have low implementation cost under the glitch-extended probing model appears to be an important research challenge. In this paper, we propose an approach to design the first-order glitch-extended probing secure TI schemes when quadratic functions are employed in the substitution layer. This method only requires a small amount of fresh random bits and a single clock cycle for its implementation. In particular, the random bits in our approach are reusable and compatible with the changing of the guards technique. Our dedicated TI scheme for the AES cipher gives 20.23% smaller implementation area and 4.2% faster encryption compared to the TI scheme of AES (without using fresh randomness) proposed in CHES 2021. Additionally, we propose a parallel implementation of two S-boxes that further reduces latency (about 39.83%) at the expense of increasing the chip area by 9%. We have positively confirmed the security of AES under the glitch-extended probing model using the verification tool - SILVER and the side-channel leakage assessment method - TVLA.
Zihao Li, Jianfeng Li, Zheyuan He, Xiapu Luo, Ting Wang, Xiaoze Ni, Wenwu Yang, Xi Chen, Ting Chen
ePrint Report
Decentralized Finance, mushrooming in permissionless blockchains, has attracted a recent surge in popularity. Due to the transparency of permissionless blockchains, opportunistic traders can compete to earn revenue by extracting Miner Extractable Value (MEV), which undermines both the consensus security and efficiency of blockchain systems. The Flashbots bundle mechanism further aggravates the MEV competition because it empowers opportunistic traders with the capability of designing more sophisticated MEV extraction. In this paper, we conduct the first systematic study on DeFi MEV activities in Flashbots bundle by developing ActLifter, a novel automated tool for accurately identifying DeFi actions in transactions of each bundle, and ActCluster, a new approach that leverages iterative clustering to facilitate us to discover known/unknown DeFi MEV activities. Extensive experimental results show that ActLifter can achieve nearly 100% precision and recall in DeFi action identification, significantly outperforming state-of-the-art techniques. Moreover, with the help of ActCluster, we obtain many new observations and discover 17 new kinds of DeFi MEV activities, which occur in 53.12% of bundles but have not been reported in existing studies.
Zhengjun Cao
ePrint Report
The general quantum approximate optimization algorithm (QAOA) produces approximate solutions for combinatorial optimization problems. The algorithm depends on a positive integer $p$ and the quality of approximation improves as $p$ is increased. In this note, we put some questions about the general QAOA. We also find the recursive QAOA for the MaxCut problem is flawed because all quantum gates involved in the algorithm are single-qubit gates. No entangling gate is used, which means that the quantum computing power cannot be certified for the problem.
Jolijn Cottaar, Kathrin Hövelmanns, Andreas Hülsing, Tanja Lange, Mohammad Mahzoun, Alex Pellegrini, Alberto Ravagnani, Sven Schäge, Monika Trimoska, Benne de Weger
ePrint Report
This report analyzes the 16 submissions to the Korean post-quantum cryptography (KpqC) competition.
Kévin Carrier, Thomas Debris-Alazard, Charles Meyer-Hilfiger, Jean-Pierre Tillich
ePrint Report
The security of code-based cryptography relies primarily on the hardness of decoding generic linear codes. Until very recently, all the best algorithms for solving the decoding problem were information set decoders ($\mathsf{ISD}$). However, recently a new algorithm called RLPN-decoding which relies on a completely different approach was introduced and it has been shown that RLPN outperforms significantly $\mathsf{ISD}$ decoders for a rather large range of rates. This RLPN decoder relies on two ingredients, first reducing decoding to some underlying LPN problem, and then computing efficiently many parity-checks of small weight when restricted to some positions. We revisit RLPN-decoding by noticing that, in this algorithm, decoding is in fact reduced to a sparse-LPN problem, namely with a secret whose Hamming weight is small. Our new approach consists this time in making an additional reduction from sparse-LPN to plain-LPN with a coding approach inspired by $\mathsf{coded}$-$\mathsf{BKW}$. It outperforms significantly the $\mathsf{ISD}$'s and RLPN for code rates smaller than $0.42$. This algorithm can be viewed as the code-based cryptography cousin of recent dual attacks in lattice-based cryptography. We depart completely from the traditional analysis of this kind of algorithm which uses a certain number of independence assumptions that have been strongly questioned recently in the latter domain. We give instead a formula for the LPN noise relying on duality which allows to analyze the behavior of the algorithm by relying only on the analysis of a certain weight distribution. By using only a minimal assumption whose validity has been verified experimentally we are able to justify the correctness of our algorithm. This key tool, namely the duality formula, can be readily adapted to the lattice setting and is shown to give a simple explanation for some phenomena observed on dual attacks in lattices in [DP23].
Paul Frixons, Sébastien Canard, Loïc Ferreira
ePrint Report
The existence of a quantum computer is one of the most significant threats cryptography has ever faced. However, it seems that real world protocols received little attention so far with respect to their future security. Indeed merely relying upon post-quantum primitives may not suffice in order for a security protocol to be resistant in a full quantum world. In this paper, we consider the fundamental UMTS key agreement used in 3G but also in 4G (LTE), and in the (recently deployed) 5G technology. We analyze the protocol in a quantum setting, with quantum communications (allowing superposition queries by the involved parties), and where quantum computation is granted to the adversary. We prove that, assuming the underlying symmetric-key primitive is quantum-secure, the UMTS key agreement is also quantum-secure. We also give a quantum security analysis of the underlying primitives, namely Milenage and TUAK. To the best of our knowledge this paper provides the first rigorous proof of the UMTS key agreement in a strong quantum setting. Our result shows that in the quantum world to come, the UMTS technology remains a valid scheme in order to secure the communications of billions of users.
Léo Ducas, Ludo N. Pulles
ePrint Report
The Dual-Sieve Attack on Learning with Errors (LWE), or more generally Bounded Distance Decoding (BDD), has seen many improvements in the recent years, and ultimately led to claims that it outperforms the primal attack against certain lattice-based schemes in the PQC standardization process organised by NIST. However, the work of Ducas--Pulles (Crypto '23) revealed that the so-called "Independence Heuristic", which all recent dual attacks used, leads to wrong predictions in a contradictory regime, which is relevant for the security of cryptoschemes. More specifically, the stated distributions of scores for the actual solution and for incorrect candidates were both incorrect.

In this work, we propose to use the weaker heuristic that the output vectors of a lattice sieve are uniformly distributed in a ball. Under this heuristic, we give an analysis of the score distribution in the case of an error of fixed length. Integrating over this length, we extend this analysis to any radially distributed error, in particular the gaussian as a fix for the score distribution of the actual solution. This approach also provides a prediction for the score of incorrect candidates, using a ball as an approximation of the Voronoi cell of a lattice.

We compare the predicted score distributions to extensive experiments, and observe them to be qualitatively and quantitatively quite accurate. This constitutes a first step towards fixing the analysis of the dual-sieve attack: we can now accurately estimate false-positives and false-negatives. Now that the analysis is fixed, one may consider how to fix the attack itself, namely exploring the opportunities to mitigate a large number of false-positives.

01 December 2023

Jiang Zhang, Yu Chen, Zhenfeng Zhang
ePrint Report
Driven by the open problem raised by Hofheinz and Kiltz (Journal of Cryptology, 2012), we study the formalization of lattice-based programmable hash function (PHF), and give three types of concrete constructions by using several techniques such as a novel combination of cover-free sets and lattice trapdoors. Under the Inhomogeneous Small Integer Solution (ISIS) assumption, we show that any (non-trivial) lattice-based PHF is a collision-resistant hash function, which gives a direct application of this new primitive.

We further demonstrate the power of lattice-based PHF by giving generic constructions of signature and identity-based encryption (IBE) in the standard model, which not only provide a way to unify several previous lattice-based schemes using the partitioning proof techniques, but also allow us to obtain new short signature schemes and IBE schemes from (ideal) lattices. Specifically, by instantiating the generic constructions with our Type-II and Type-III PHF constructions, we immediately obtain two short signatures and two IBE schemes with asymptotically much shorter keys. A major downside which inherits from our Type-II and Type-III PHF constructions is that we can only prove the security of the new signatures and IBEs in the bounded security model that the number Q of the adversary’s queries is required to be known in advance. Another downside is that the computational time of our new signatures and IBEs is a linear function of Q, which is large for typical parameters.

To overcome the above limitations, we also give a refined way of using Type-II and Type-III PHFs to construct lattice-based short signatures with short verification keys in the full security model. In particular, our methods depart from the confined guessing technique of Böhl et al. (Eurocrypt’13) that was used to construct previous standard model short signature schemes with short verification keys by Ducas and Micciancio (Crypto’14) and by Alperin-Sheriff (PKC’15), and allow us to achieve much tighter security from weaker hardness assumptions.
Dario Pasquini, Danilo Francati, Giuseppe Ateniese, Evgenios M. Kornaropoulos
ePrint Report
Credential tweaking attacks use breached passwords to generate semantically similar passwords and gain access to victims' services. These attacks sidestep the first generation of compromised credential checking (C3) services. The second generation of compromised credential checking services, called "Might I Get Pwned" (MIGP), is a privacy-preserving protocol that defends against credential tweaking attacks by allowing clients to query whether a password or a semantically similar variation is present in the server's compromised credentials dataset. The desired privacy requirements include not revealing the user's entered password to the server and ensuring that no compromised credentials are disclosed to the client.

In this work, we formalize the cryptographic leakage of the MIGP protocol and perform a security analysis to assess its impact on the credentials held by the server. We focus on how this leakage aids breach extraction attacks, where an honest-but-curious client interacts with the server to extract information about the stored credentials. Furthermore, we discover additional leakage that arises from the implementation of Cloudflare's deployment of MIGP. We evaluate how the discovered leakage affects the guessing capability of an attacker in relation to breach extraction attacks. Finally, we propose MIGP 2.0, a new iteration of the MIGP protocol designed to minimize data leakage and prevent the introduced attacks.
Xianghan Wang, Jianghua Zhong, Dongdai Lin
ePrint Report
Nonlinear feedback shift registers (NFSRs) are used in many stream ciphers as their main building blocks. One security criterion for the design of a stream cipher is to assure its keystream has a long period. To meet this criterion, the NFSR used in a stream cipher must have a long state cycle. Further, to simultaneously avoid equivalent keys, the keystream's period is not compressed compared to the NFSR's state cycle length, which can be guaranteed if the NFSR is observable in the sense that any two distinct initial states are distinguishable from their resulting output sequences. The cycle structure of a general NFSR remains an open hard problem. Constructing Fibonacci NFSRs with maximum state cycles has therefore attracted much attention, but so far such Fibonacci NFSRs with known feedback functions have been found only for their stage numbers no greater than 33.

Considering that Galois NFSRs may decrease the area and increase the throughput compared to Fibonacci NFSRs, this paper studies two types of $n$-stage Galois NFSRs, whose state transition matrices are circulant matrices with only one nonzero element of 1 in each column. The cycle structure and observability of both types are disclosed using the semi-tensor product based Boolean network approach. In the first type, each Galois NFSR has the state transition matrix, in which the position of the element 1 in the first column is even. It has the maximum state cycle with an arbitrary stage number and an explicit feedback functions. It is observable if and only if its output function is dependent on the first state bit. In the second type, each Galois NFSR has the state transition matrix, in which the position of the element 1 in the first column is $2^m+1$ with positive integer $m\leq n-1$ for the NFSR's stage number $n$. It has $2^m$ cycles of length $2^{n-m}$, and it is observable if its output function is dependent on all the state bits whose indices are no smaller than $n-m+1$.
Orhun Kara
ePrint Report
Common block ciphers like AES specified by the NIST or KASUMI (A5/3) of GSM are extensively utilized by billions of individuals globally to protect their privacy and maintain confidentiality in daily communications. However, these ciphers lack comprehensive security proofs against the vast majority of known attacks. Currently, security proofs are limited to differential and linear attacks for both AES and KASUMI. For instance, the consensus on the security of AES is not based on formal mathematical proofs but on intensive cryptanalysis over its reduced rounds spanning several decades. In this work, we introduce new security proofs for AES against another attack method: impossible differential (ID) attacks. We classify ID attacks as reciprocal and nonreciprocal ID attacks. We show that sharp and generic lower bounds can be imposed on the data complexities of reciprocal ID attacks on substitution permutation networks. We prove that the minimum data required for a reciprocal ID attack on AES using a conventional ID characteristic is $2^{66}$ chosen plaintexts whereas a nonreciprocal ID attack involves at least $2^{88}$ computational steps. We mount a nonreciprocal ID attack on 6-round AES for 192-bit and 256-bit keys, which requires only $2^{18}$ chosen plaintexts and outperforms the data complexity of any attack. Given its marginal time complexity, this attack does not pose a substantial threat to the security of AES. However, we have made enhancements to the integral attack on 6-round AES, thereby surpassing the longstanding record for the most efficient attack after a period of 23 years.