International Association
for Cryptologic Research

To be competitive with other signature schemes, the MLWE instance $\bf (A,t)$ on which Dilithium is based is compressed: the least significant bits of $\bf t$, which are denoted $\textbf{t}_0$, are considered part of the secret key. Knowing $\bf t_0$ does not provide any information about the other data in the secret key, but it does allow the construction of much more efficient side-channel attacks. Yet to the best of our knowledge, there is no kown way to recover $\bf t_0$ from Dilithium signatures. In this work, we show that each Dilithium signature leaks information on $\bf t_0$, then we construct an attack that retrieves the vector $\bf t_0$ from Dilithium signatures. Experimentally, for Dilithium-2, $4\,000\,000$ signatures and $2$ hours are sufficient to recover $\textbf{t}_0$ on a desktop computer.

Achieving malicious security with high efficiency in dishonest-majority secure multiparty computation is a formidable challenge. The milestone works SPDZ and TinyOT have spawn a large family of protocols in this direction. For boolean circuits, state-of-the-art works (Cascudo et. al, TCC 2020 and Escudero et. al, CRYPTO 2022) have proposed schemes based on reverse multiplication-friendly embedding (RMFE) to reduce the amortized cost. However, these protocols are theoretically described and analyzed, resulting in a significant gap between theory and concrete efficiency.

Our work addresses existing gaps by refining and correcting several issues identified in prior research, leading to the first practically efficient realization of RMFE. We introduce an array of protocol enhancements, including RMFE-based quintuples and (extended) double-authenticated bits, aimed at improving the efficiency of maliciously secure boolean and mixed circuits. The culmination of these efforts is embodied in Coral, a comprehensive framework developed atop the MP-SPDZ library. Through rigorous evaluation across multiple benchmarks, Coral demonstrates a remarkable efficiency gain, outperforming the foremost theoretical approach by Escudero et al. (which incorporates our RMFE foundation albeit lacks our protocol enhancements) by a factor of 16-30×, and surpassing the leading practical implementation for Frederiksen et al. (ASIACRYPT 2015) by 4-7×.

Event date: 24 September to 26 September 2024

Location: Clayton campus

Employment Type: Full-time

Duration: Continuing appointments

Remuneration:

$114,951 - $136,505 pa Level B (plus 17% employer superannuation)

$140,812 - $162,366 pa Level C (plus 17% employer superannuation)

Advance your career with cutting-edge Teaching and Research

World-class teaching facilities and research

Address real-world challenges and achieve impactful outcomes

Join the Future of IT at Monash University!

The Faculty of Information Technology at Monash University in Melbourne, Australia, is seeking dynamic and innovative individuals for multiple Level B Lecturer and Level C Senior Lecturer positions across three departments:

Department of Data Science and Artificial Intelligence (DSAI)

Department of Software Systems and Cybersecurity (SSC)

Department of Human-Centred Computing (HCC)

To find out more about career opportunities within the Faculty of IT visit our website.

Closing date for applications:

Contact:

Professor Dinh Phung, Head of Department, Data Science and AI, Dinh.Phung@monash.edu

Professor Monica Whitty, Head of Department, Software Systems and Cybersecurity, Monica.Whitty@monash.edu

Professor Helen Purchase, Head of Human Centred Computing, Helen.Purchase@monash.edu

More information: https://careers.pageuppeople.com/513/cw/en/job/667442/faculty-of-information-technology-academic-opportunities

The Department of Cybersecurity in the Golisano College of Computing and Information Sciences at RIT invites applications for a full-time tenure-track assistant professor position in the field of cybersecurity, beginning August 2025, with special interest in candidates whose research intersects with artificial intelligence, or which makes use of AI techniques.

Read more about the Department of Cybersecurity and the ESL Global Cybersecurity Institute at RIT here: https://csec.rit.edu/ and https://www.rit.edu/cybersecurity/

Please find more details regarding the position by following the Apply link below.

Required Minimum Qualifications

• Ph.D. in a computing or related discipline by date of appointment.
• Recent scholarly dissemination record that demonstrates exceptional potential in cybersecurity research; e.g. venues like IEEE Security & Privacy, USENIX Security, CCS, NDSS, etc.
• Demonstrated evidence of experience or potential to establish an independent, externally funded research program.
• Commitment and potential to teach effectively at the undergraduate and graduate levels, and the ability to mentor master/doctoral students.
• An interest in working in a collaborative, collegial department and among colleagues in the department, college, and institution.
• Ability to contribute in meaningful ways to the college's continuing commitment to cultural diversity, pluralism, and individual differences.
• Ability to communicate effectively in English.

Apply: Use Keyword Search 9160BR here: https://careers.rit.edu/faculty

Priority Deadline: Dec. 4

Closing date for applications:

Contact: Prof. Bill Brumley (bbbics AT rit DOT edu)

More information: https://careers.rit.edu/faculty

My name is Francis TSAKOU TEZEM, holder of a master 2 in the field of mathematical and computer sciences with a general weighted average of 3.51/4. As part of my research work in Master 2 in Algebra and Applications, I am focusing on a fascinating and crucial area of ​​modern cryptography: the resolution of the rank metric decoding problem. This specific branch of cryptography is essential to ensure the security of digital communications and transactions in an increasingly connected world. My research project aims to explore advanced rank metric decoding techniques, a crucial approach to securing sensitive information exchanged over computer networks. In particular, I am interested in understanding and improving the algorithms underlying the resolution of this complex problem. Working on this topic, I strive to develop new innovative methods and approaches to strengthen the security of cryptographic systems used in various fields, such as secure communication, online financial transactions and personal data protection. My goal is to expand current knowledge in cryptography and make meaningful contributions to this evolving field. By combining my skills in algebra with a deep understanding of the practical applications of cryptography, I seek to provide efficient and robust solutions to the rank metric decoding problem, thereby helping to strengthen the cybersecurity and privacy of digital exchanges at the same time era of digital transformation.

Closing date for applications:

Contact: Prof. NDJEYA Selestin Email : ndjeyas@yahoo.fr Dr. Hervé TALE KALACHI Email : hervekalachi@gmail.com

Candidates for applied cryptography domain must comprehend formal security analysis, secure coding, and effective security integration in the application domains. Candidates for ML/AI domain, must comprehend seach/optimization algorithms, classification, regression and other essential aspects.

Closing date for applications:

Contact: Contact: Arijit Karati (arijit.karati@mail.cse.nsysu.edu.tw)

A position for a PhD student is available for the Cryptography and Cyber Security Research Group in the Computer Science Research Centre at University of Surrey, UK. The research topic of the PhD program is Post-Quantum Cryptography.

The successful candidate will primarily be working on the following topics (but not limited to): classical and quantum cryptanalysis, cryptographic constructions based on lattice and other hard problems, and efficient algorithms for both attacks and secure implementations. The exact topics could be tailored to the candidate’s background and interests.

This position is based at the internationally renowned Surrey Cyber Security Centre, which regularly publishes in top security venues, and consists of an international, diverse, and inclusive team with expertise in various aspects of security, privacy, and their applications.

Apply through the link https://www.surrey.ac.uk/fees-and-funding/studentships/phd-post-quantum-cryptography

Closing date for applications:

Contact: Chaoyun Li (c.li@surrey.ac.uk)

More information: https://www.surrey.ac.uk/fees-and-funding/studentships/phd-post-quantum-cryptography

Privacy-Preserving Machine Learning is one of the most relevant use cases for Secure Multiparty Computation (MPC). While private training of large neural networks such as VGG-16 or ResNet-50 on state-of-the-art datasets such as Imagenet is still out of reach, given the performance overhead of MPC, private inference is starting to achieve practical runtimes. However, we show that in contrast to plaintext machine learning, the usage of GPU acceleration for both linear and nonlinear neural network layers is actually counterproductive in PPML and leads to performance and scaling penalties. This can be observed by slow ReLU performance, high GPU memory requirements, and inefficient batch processing in state-of-the-art PPML frameworks, which hinders them from scaling to multiple images per second inference throughput and more than eight images per batch on ImageNet. To overcome these limitations, we propose PIGEON, an open-source framework for Private Inference of Neural Networks. PIGEON utilizes a novel ABG programming model that switches between \underline{A}rithmetic vectorization, \underline{B}itslicing, and \underline{G}PU offloading depending on the MPC-specific computation required by each layer. Compared to the state-of-the-art PPML framework Piranha, PIGEON achieves two orders of magnitude improvements in ReLU throughput, reduces peak GPU memory utilization by one order of magnitude, and scales better with large batch size. This translates to one to two orders of magnitude improvements in throughput for large ImageNet batch sizes (e.g. 192) and more than 70\% saturation of a 25 Gbit/s network.

In recent years, ML based differential distinguishers have been explored and compared with the classical methods. Complexity of a key recovery attack on block ciphers is calculated using the probability of a differential distinguisher provided by classical methods. Since theoretical computations suffice to calculate the data complexity in these cases, so there seems no restrictions on the practical availability of computational resources to attack a block cipher using classical methods. However, ML based differential cryptanalysis is based on the machine learning model that uses encrypted data to learn its features using available compute power. This poses a restriction on the accuracy of ML distinguisher for increased number of rounds and ciphers with large block size. Moreover, we can still construct the distinguisher but the accuracy becomes very low in such cases. In this paper, we present a new approach to construct the differential distinguisher with high accuracy using the existing ML based distinguisher of low accuracy. This approach outperforms all existing approaches with similar objective. We demonstrate our method to construct the high accuracy ML based distinguishers for GIFT-128 and ASCON permutation. For GIFT-128, accuracy of 7-round distinguisher is increased to 98.8% with $2^{9}$ data complexity. For ASCON, accuracy of 4-round distinguisher is increased to 99.4% with $2^{18}$ data complexity. We present the first ML based distinguisher for 8 rounds of GIFT-128 using the differential-ML distinguisher presented in Latincrypt-2021. This distinguisher is constructed with 99.8% accuracy and $2^{18}$ data complexity.

A Trusted Execution Environment (TEE) is a new type of security technology, implemented by CPU manufacturers, which guarantees integrity and confidentiality on a restricted execution environment to any remote verifier. TEEs are deployed on various consumer and commercial hardwareplatforms, and have been widely adopted as a component in the design of cryptographic protocols both theoretical and practical.

Within the provable security community, the use of TEEs as a setup assumption has converged to a standard ideal definition in the Universal Composability setting ($G_\mathsf{att}$, defined by Pass et al., Eurocrypt '17). However, it is unclear whether any real TEE design can actually implement this, or whether the diverse capabilities of today's TEE implementations will in fact converge to a single standard. Therefore, it is necessary for cryptographers and protocol designers to specify what assumptions are necessary for the TEE they are using to support the correctness and security of their protocol.

To this end, this paper provides a more careful treatment of trusted execution than the existing literature, focusing on the capabilities of enclaves and adversaries. Our goal is to provide meaningful patterns for comparing different classes of TEEs , particularly how a weaker TEE functionality can UC-emulate a stronger one given an appropriate mechanism to bridge the two. We introduce a new, ``modular'' definition of TEEsthat captures a broad range of pre-existing functionalities defined in the literature while maintaining their high level of abstraction. While our goal is not directly to model implementations of specific commercial TEE providers, our modular definition provides a way to capture more meaningful and realistic hardware capabilities. We provide a language to characterise TEE capabilities along the following terms: - a set of trusted features available to the enclave; - the set of allowed attacks for malicious interactions with the enclaves; - the contents of attestation signatures. We then define various possible ideal modular $G_\mathsf{att}$ functionality instantiations that capture existing variants in the literature, and provide generic constructions to implement stronger enclave functionalities from an existing setup. Finally, we conclude the paper with a simple example of how to protect against rollback attacks given access to a trusted storage feature.

Due to their simplicity, compactness, and algebraic structure, BLS signatures are among the most widely used signatures in practice. For example, used as multi-signatures, they are integral in Ethereum's proof-of-stake consensus. From the perspective of concrete security, however, BLS (multi-)signatures suffer from a security loss linear in the number of signing queries. It is well-known that this loss can not be avoided using current proof techniques.

In this paper, we introduce a new variant of BLS multi-signatures that achieves tight security while remaining fully compatible with regular BLS. In particular, our signatures can be seamlessly combined with regular BLS signatures, resulting in regular BLS signatures. Moreover, it can easily be implemented using existing BLS implementations in a black-box way. Our scheme is also one of the most efficient non-interactive multi-signatures, and in particular more efficient than previous tightly secure schemes. We demonstrate the practical applicability of our scheme by showing how proof-of-stake protocols that currently use BLS can adopt our variant for fully compatible opt-in tight security.

Kyber was selected by NIST as a Post-Quantum Cryptography Key Encapsulation Mechanism standard. This means that the industry now needs to transition and adopt these new standards. One of the most demanding operations in Kyber is the modular arithmetic, making it a suitable target for optimization. This work offers a novel modular reduction design with the lowest area on Xilinx FPGA platforms. This novel design, through K-reduction and LUT-based reduction, utilizes 49 LUTs and 1 DSP as opposed to Xing and Li’s 2021 CHES design requiring 90 LUTs and 1 DSP for one modular multiplication. Our design is the smallest modular multiplier reported as of today.

Applications are invited for the MS and PhD positions at the Department of Computer Science and Engineering, National Sun Yat-sen University, Kaohsiung, Taiwan. The successful candidate will work under the guidance of Dr. Arijit Karati on the diverse topics in applied cryptology and network security.

Candidates for applied cryptography domain must comprehend formal security analysis, secure coding, and effective security integration in the application domains.

Candidates for ML/AI domain, must comprehend seach/optimization algorithms, classification, regression and other essential aspects.

Responsibilities: Apart from academic work, student must involve in several activities in a group or individually, such as (not limited to):

Design and implementation of safety protocol.

Assesment of the security and performance metric.

Research meeting with the supervisor.

Requirements: (02 MS and 02 PhD positions)
Apart from the university's basic admission policies (https://cse.nsysu.edu.tw/?Lang=en), students are desired to have following key requirements:

Strong motivation on cryptography or AI security.

Knowledge of modern technology.

Knowledge of basic mathematics.

Knowledge of at least two programming languages, such as Python/Java/C/C++.

Master's thesis must match respective research fields. (for Phd positions)

Scholarship:

Under the university policy.

Project funding (based on availability for MS/Ph.D. students).

What students can expect:

Cooperation from the supervisor and labmates.

The rich culture in research and related activities.

Flexibility in communication, e.g., English.

What the supervisor can expect:
Apart from academic and research works, students are expected to have

Good moral character.

Hardworking and dedication.

Deadline for online application: September 30, 2024

Closing date for applications:

Contact: Arijit Karati (arijit.karati@mail.cse.nsysu.edu.tw)

More information: https://www.canseclab.com/

Homomorphic encryption is a cryptographic technique that enables arithmetic operations to be performed on encrypted data. However, word-wise fully homomorphic encryption schemes, such as BGV, BFV, and CKKS schemes, only support addition and multiplication operations on ciphertexts. This limitation makes it challenging to perform non-linear operations directly on the encrypted data. To address this issue, prior research has proposed efficient approximation techniques that utilize iterative methods, such as functional composition, to identify optimal polynomials. These approximations are designed to have a low multiplicative depth and a reduced number of multiplications, as these criteria directly impact the performance of the approximated operations.

In this paper, we propose a novel method, named as adaptive successive over-relaxation (aSOR), to further optimize the approximations used in homomorphic encryption schemes. Our experimental results show that the aSOR method can significantly reduce the computational effort required for these approximations, achieving a reduction of 2–9 times compared to state-of-the-art methodologies. We demonstrate the effectiveness of the aSOR method by applying it to a range of operations, including sign, comparison, ReLU, square root, reciprocal of m-th root, and division. Our findings suggest that the aSOR method can greatly improve the efficiency of homomorphic encryption for performing non-linear operations.

Digital signatures are fundamental building blocks in various protocols to provide integrity and authenticity. The development of the quantum computing has raised concerns about the security guarantees afforded by classical signature schemes. CRYSTALS-Dilithium is an efficient post-quantum digital signature scheme based on lattice cryptography and has been selected as the primary algorithm for standardization by the National Institute of Standards and Technology. In this work, we present a high-throughput GPU implementation of Dilithium. For individual operations, we employ a range of computational and memory optimizations to overcome sequential constraints, reduce memory usage and IO latency, address bank conflicts, and mitigate pipeline stalls. This results in high and balanced compute throughput and memory throughput for each operation. In terms of concurrent task processing, we leverage task-level batching to fully utilize parallelism and implement a memory pool mechanism for rapid memory access. We propose a dynamic task scheduling mechanism to improve multiprocessor occupancy and significantly reduce execution time. Furthermore, we apply asynchronous computing and launch multiple streams to hide data transfer latencies and maximize the computing capabilities of both CPU and GPU. Across all three security levels, our GPU implementation achieves over 160× speedups for signing and over 80× speedups for verification on both commercial and server-grade GPUs. This achieves microsecond-level amortized execution times for each task, offering a high-throughput and quantum-resistant solution suitable for a wide array of applications in real systems.

In this work, we consider the setting where one or more users with low computational resources would lie to outsource the task of proof generation for SNARKs to one external entity, named Prover. We study the scenario in which Provers have access to all statements and witnesses to be proven beforehand. We take a different approach to proof aggregation and design a new protocol that reduces simultaneously proving time and communication complexity, without going through recursive proof composition. Our two main contributions: We first design FLIP, a communication efficient folding scheme where we apply the Inner Pairing Product Argument to fold R1CS instances of the same language into a single relaxed R1CS instance. Then, any proof system for relaxed R1CS language can be applied to prove the final instance. As a second contribution, we build a novel variation of Groth16 with the same communication complexity for relaxed R1CS and two extra pairings for verification, with an adapted trusted setup. Compared to SnarkPack - a prior solution addressing scaling for multiple Groth16 proofs - our scheme improves in prover complexity by orders of magnitude, if we consider the total cost to generated the SNARK proofs one by one and the aggregation effort. An immediate application of our solution is Filecoin, a decentralized storage network based on incentives that generates more than 6 million SNARKs for large circuits of 100 million constraints per day.

In this paper, we present an improved attack on the stream cipher Salsa20. Our improvements are based on two technical contributions. First, we make use of a distribution of a linear combination of several random variables that are derived from different differentials and explain how to exploit this in order to improve the attack complexity. Secondly, we study and exploit how to choose the actual value for so-called probabilistic neutral bits optimally. Because of the limited influence of these key bits on the computation, in the usual attack approach, these are fixed to a constant value, often zero for simplicity. As we will show, despite the fact that their influence is limited, the constant can be chosen in significantly better ways, and intriguingly, zero is the worst choice. Using this, we propose the first-ever attack on 7.5-round of $128$-bit key version of Salsa20. Also, we provide improvements in the attack against the 8-round of $256$-bit key version of Salsa20 and the 7-round of $128$-bit key version of Salsa20.

Data availability sampling allows clients to verify availability of data on a peer-to-peer network provided by an untrusted source. This is achieved without downloading the full data by sampling random positions of the encoded data.

The long-term vision of the Ethereum community includes a comprehensive data availability protocol using polynomial commitments and tensor codes. As the next step towards this vision, an intermediate solution called PeerDAS is about to integrated, to bridge the way to the full protocol. With PeerDAS soon becoming an integral part of Ethereum's consensus layer, understanding its security guarantees is essential.

This document aims to describe the cryptography used in PeerDAS in a manner accessible to the cryptographic community, encouraging innovation and improvements, and to explicitly state the security guarantees of PeerDAS.

Self-Sovereign Identity (SSI) empowers individuals and organizations with full control over their data. Decentralized identifiers (DIDs) are at its center, where a DID contains a collection of public keys associated with an entity, and further information to enable entities to engage via secure and private messaging across different platforms. A crucial stepping stone is DIDComm, a cryptographic communication layer that is in production with version 2. Due to its widespread and active deployment, a formal study of DIDComm is highly overdue.

We present the first formal analysis of DIDComm’s cryptography, and formalize its goal of (sender-) anonymity and authenticity. We follow a composable approach to capture its security over a generic network, formulating the goal of DIDComm as a strong ideal communication resource. We prove that the proposed encryption modes reach the expected level of privacy and authenticity, but leak beyond the leakage induced by an underlying network (captured by a parameterizable resource).

We further use our formalism to propose enhancements and prove their security: first, we present an optimized algorithm that achieves simultaneously anonymity and authenticity, conforming to the DIDComm message format, and which outperforms the current DIDComm proposal in both ciphertext size and computation time by almost a factor of 2. Second, we present a novel DIDComm mode that fulfills the notion of anonymity preservation, in that it does never leak more than the leakage induced by the network it is executed over. We finally show how to merge this new mode into our improved algorithm, obtaining an efficient all-in-one mode for full anonymity and authenticity.