17 February 2025
Amik Raj Behera, Pierre Meyer, Claudio Orlandi, Lawrence Roy, Peter Scholl
Existing privately constrained PRFs face significant limitations: either (1) they rely on assumptions known to imply fully-homomorphic encryption or indistinguishability obfuscation, (2) they support only highly restricted classes of constraints—for instance, no known group-based pCPRF even supports the simple class of puncturing constraints (where the constrained key permits evaluation on all but one point while hiding the punctured point), or (3) they are limited to polynomial-size input domains. A long-standing open question has been whether one can construct a privately constrained PRF from group-based assumptions for more expressive classes of constraints. In this work, we present a pCPRF based on the decisional composite residuosity (DCR) assumption that supports a highly expressive class of predicates, namely constraints with polynomially bounded Waring rank, which notably includes puncturing.
From a technical perspective, our work follows the general template of Couteau, Meyer, Passelègue, and Riahinia (Eurocrypt'23), who constructed a pCPRF from group-based homomorphic secret-sharing but were limited to inner-product constraints in the constraint-hiding setting. Leveraging novel techniques for computing with distributed discrete logarithms (DDLog), we enable the non-interactive authentication of powers of linear combinations of shares of some value. This, in turn, allows us to express constraints with polynomially bounded Waring rank.
Our construction is single-key, selectively secure, and supports an exponential-size domain.
Cas Cremers, Esra Günsay, Vera Wesselkamp, Mang Zhao
In this work, we formalize ETK: External-Operations TreeKEM that includes external commits and proposals. We develop a corresponding ideal functionality $F_\mathit{ECGKA}$ and prove that ETK indeed realizes $F_\mathit{ECGKA}$.
Our work is the first cryptographic analysis that considers both the final changes to the standard’s version of TreeKEM as well as external proposals and external commits. Compared to previous works that considered MLS draft versions, our ETK protocol is by far the closest to the final MLS RFC 9420 standard. Our analysis implies that the core of MLS’s TreeKEM variant as defined in RFC 9420 is an ETK protocol that realizes $F_\mathit{ECGKA}$, when used with an SUF-CMA secure signature scheme, such as the IETF variant of Ed25519. We show that contrary to previous claims, MLS does not realize $F_\mathit{ECGKA}$ [Crypto2022] when used with signature schemes that only guarantee EUF-CMA, such as ECDSA.
Moreover, we show that the security of the protocol could be further strengthened by adding a functionality to insert PSKs, allowing another form of healing, and give a corresponding construction ETK-PSK and ideal functionality $F_{\mathit{ECGKA}^\mathit{PSK}}$ .
Simon Holmgaard Kamp, Julian Loss, Jesper Buus Nielsen
In this work, we introduce a new paradigm to construct network agnostic consensus (and MPC) that, for the first time overcome this barrier. Using this new design pattern we first present simple protocols for reliable broadcast (RB) and binary agreement (BA) that are responsive when no more than $t_a$ parties are corrupted and run in expected constant time regardless of the network conditions. We then extend our results to asynchronous common subset (ACS) and MPC. Notably, our approach reverses the order of the synchronous and asynchronous path by designing protocols that are first and foremost asynchronous and only fall back to the synchronous execution path when more than $t_a$ parties are corrupted.
Alessandro Budroni, Andre Esser, Ermes Franch, Andrea Natale
Jesús-Javier Chi-Domínguez
The Delfs-Galbraith algorithm is the most efficient procedure for solving the supersingular isogeny problem with a time complexity of $\tilde{\mathcal{O}}(p^{1/2})$ operations. The bottleneck of the Delfs-Galbraith algorithm is the so-called subfield curve search (i.e., finding an isogenous supersingular elliptic curve defined over the base field), which determines the time complexity.
Given that, for efficiency, most recent isogeny-based constructions propose using finite fields with field characteristics equal to $p = 2^a \cdot f - 1$ for some positive integers $a$ and $f$. This work focuses on primes of that particular form, and it presents two new algorithms for finding subfield curves with a time complexity of $\mathcal{O}(p^{1/2})$ operations and a memory complexity polynomial in $\log_2{p}$. Such algorithms exploit the existence of large torsion-$2^a$ points and extend the subfield root detection algorithm of Santos, Costello, and Shi (Crypto 2022) to our case study. In addition, it is worth highlighting that these algorithms easily extend to primes of the form $p =2^a \cdot f + 1$ and $p = \ell^a \cdot f - 1$ with $\ell$ being a small integer.
This study also examines the usage of radical $3$-isogenies with the proposed extended subfield root detection algorithm. In this context, the results indicate that the radical $3$-isogeny approach is competitive compared with the state-of-the-art algorithms.
Jiajun Xin, Dimitrios Papadopoulos
Jian Liu, Kui Ren, Chun Chen
16 February 2025
Clemson University
Closing date for applications:
Contact: Ryann Cartor, rcartor@clemson.edu
More information: https://apply.interfolio.com/163536
University of Surrey, UK
The Surrey Centre for Cyber Security (SCCS), within the School, has an international reputation in cyber security and resilience research excellence in applied and post-quantum cryptography, security verification and analysis, security and privacy, distributed systems, and networked systems. SCCS is recognised by the National Cyber Security Centre as an Academic Centre of Excellence for Cyber Security Research and Education. Its research was also a core contributor to Surrey’s 7th position in the UK for REF2021 outputs within Computer Science. Surrey was recognised as Cyber University of the Year 2023 at the National Cyber Awards.
Surrey has an internationally leading track record in security and communications research and runs the newly formed Doctoral Training centre in Future Open Secure and Resilient Communications in collaboration with Queens University Belfast with funding for 50 PhD students.
This post sits within SCCS and this role encourages applications in the areas of systems security, web security, cyber-physical systems, cyber resilience, ethical hacking, machine learning for security, with application in various domains with preference in communications, space, banking, and autonomous systems. Candidates with practical security experience and skills will complement our strengths in cryptography and formal verification.
This post will support the growing cohort of students across all undergraduate Computer Science programmes and support students in the highly successful MSc in Cyber Security.
Closing date for applications:
Contact: Professor Steve Schneider (s.schneider@surrey.ac.uk)
More information: https://jobs.surrey.ac.uk/vacancy.aspx?ref=009325
University of Surrey, UK
The Surrey Centre for Cyber Security (SCCS), within the School, has an international reputation in cyber security and resilience research excellence in applied and post-quantum cryptography, security verification and analysis, security and privacy, distributed systems, and networked systems. SCCS is recognised by the National Cyber Security Centre as an Academic Centre of Excellence for Cyber Security Research and Education. Its research was also a core contributor to Surrey’s 7th position in the UK for REF2021 outputs within Computer Science. Surrey was recognised as Cyber University of the Year 2023 at the National Cyber Awards.
Surrey has an international leading track record in security and communications research and runs the newly formed Doctoral Training centre in Future Open Secure and Resilient Communications in collaboration with Queens University Belfast with funding for 50 PhD students.
This post sits within SCCS and this role encourages applications in the areas of systems security, web security, cyber-physical systems, cyber resilience, ethical hacking, machine learning for security, with application in various domains with preference in communications, space, banking, and autonomous systems. Candidates with practical security experience and skills will complement our strengths in cryptography and formal verification.
This post will support the growing cohort of students across all undergraduate Computer Science programmes and support students in the highly successful MSc in Cyber Security.
Closing date for applications:
Contact: Professor Steve Schneider
More information: https://jobs.surrey.ac.uk/vacancy.aspx?ref=009425
Adva Network Security; Munich, Germany
Responsibilities
• Research and develop innovative and secure solutions for key-exchange, encryption and authentication in optical networks.
• Analyze the security of cryptographic algorithms and protocols.
• Collaborate with the research community in national and international projects.
• Demonstrate technical excellence at conferences or workshops.
Requirements
• Master’s degree in Electrical Engineering, Computer Science, Mathematics or a related field.
• Good knowledge of cryptographic concepts and information security principles.
• Solid programming skills in (C and Python preferred).
• Good presentation, communication, and scientific writing skills.
• Fluent in oral and written English, fluency in German is a plus.
Apply here: https://adtran.wd3.myworkdayjobs.com/en-US/ANS/job/Berlin-ANS-Germany/Engineer-Advanced-Technology--M-F-D----PhD_R003928
Closing date for applications:
Contact: Dr. Helmut Griesser [Helmut'Griesser(a)advasecurity'com]
More information: https://adtran.wd3.myworkdayjobs.com/en-US/ANS/job/Berlin-ANS-Germany/Engineer-Advanced-Technology--M-F-D----PhD_R003928
14 February 2025
Yael Eisenberg, Christopher Havens, Alexis Korb, Amit Sahai
Tim Beyne, Yu Long Chen, Michiel Verbauwhede
We present a new nonce-misuse resistant and key-committing authenticated encryption scheme, called ChaCha20-Poly1305-PSIV, that is based on carefully combining the ChaCha20-Poly1305 building blocks into the NSIV paradigm proposed by Peyrin and Seurin (CRYPTO 2016) without performance loss. We analyze the security of the underlying mode PSIV in the multi-user faulty-nonce model assuming that the underlying permutation is ideal, and prove its key-committing security in the cmt-1 model. Rust and C implementations are provided, and benchmarks confirm that performance is comparable to the ChaCha20-Poly1305 implementation in libsodium.
In terms of security and efficiency (without hardware support), our proposal compares favorably to AES-GCM-SIV. Since we reuse the ChaCha20-Poly1305 building blocks, we expect ChaCha20-Poly1305-PSIV to benefit from existing analysis and to be easy to deploy in practice.
Brandon Goodell, Rigo Salazar, Freeman Slaughter
Nico Döttling, Alexander Koch, Sven Maier, Jeremias Mechler, Anne Müller, Jörn Müller-Quade, Marcel Tieplet
János Tapolcai, Bence Ladóczki, Ábel Nagy
13 February 2025
Hayder Tirmazi
Erik-Oliver Blass, Guevara Noubir
Our key insight is that securely computing the (threshold) Hamming distance between two inputs can be reduced to securely computing their inner product. Leveraging this reduction, we construct a Fuzzy PSI protocol using recent techniques for inner-product predicate encryption. To enable the use of predicate encryption in our setting, we establish that these predicate encryption schemes satisfy a weak notion of simulation security and demonstrate how their internal key derivation can be efficiently distributed without a trusted third party.
As a result, our Fuzzy PSI on top of predicate encryption features not only asymptotically optimal linear communication complexity but is also concretely practical.
Intak Hwang, Seonhong Min, Yongsoo Song
One effective solution to this problem is an additional algorithm for FHE called sanitization, introduced by Ducas and Stehlé (Eurocrypt 2016). Roughly speaking, a sanitization algorithm removes any meaningful information contained in the ciphertext, including previous evaluations of circuits. Following their definition, several constructions for sanitization have been proposed, particularly for TFHE. However, all of these methods were impractical, requiring several bootstrappings or an excessive amount of randomized evaluations.
In this work, we construct a novel sanitization algorithm for TFHE that overcomes these issues. Our method only adds two lightweight randomization steps to the original TFHE bootstrapping, without any modifications to the core algorithms. As a result, our algorithm achieves sanitization with a single bootstrapping and minimal randomization, bringing sanitization closer to practicality.
To empirically evaluate the efficiency of our method, we provide concrete benchmark results based on our proof-of-concept implementation. Our algorithm sanitizes a single TFHE ciphertext in 35.88 ms, which is only 3.4% (1.18 ms) slower than the original TFHE bootstrapping with the same parameters. When directly compared to previous works, our method achieves a speedup by a factor of 4.82 to 209.03.