International Association for Cryptologic Research

IACR News

02 November 2021

TU Darmstadt, Germany
Job Posting
The Cryptography and Privacy Engineering Group (ENCRYPTO) at the CS Department of the Technical University of Darmstadt offers a fully funded position as Doctoral Researcher (Research Assistant/PhD Student) in Private Machine Learning for Mobile Applications, to be filled as soon as possible for 3 years with the possibility of extension.
Job description: You will work in the research training group/doctoral college Privacy&Trust for Mobile Users funded by the German Research Foundation (DFG). In our subproject, we build cryptography-based private machine learning services for mobile applications and investigate their legal applicability (data protection) and economic feasibility in interdisciplinary collaborations. You conduct research, implement prototypes, and publish and present the results at top venues. You will participate in teaching and supervise thesis students and student assistants.
We offer: We show that privacy can be protected efficiently in real-world applications via cryptographic protocols. Our open and international working environment facilitates excellent research in a sociable team. TU Darmstadt is a top research university for IT security, cryptography and CS in Europe. Darmstadt is a very international, livable and well-connected city in the Rhine-Main area around Frankfurt. Knowledge of German is beneficial but not required, and TU Darmstadt offers corresponding support.
Your profile:
  • Completed Master's degree (or equivalent) at a top university with excellent grades in IT security, computer science, or a similar area.
  • Extensive knowledge of applied cryptography/IT security and very good software development skills. Knowledge of cryptographic protocols (ideally MPC) is a plus.
  • Experience with, or motivation for, working with other disciplines, e.g., law or economics.
  • Self-motivated, reliable, creative, able to work independently, and keen to do excellent research.
  • Our working language is English: you can discuss, write and present scientific results in English. German is beneficial but not required.
Application deadline: Nov 17, 2021 (extended). Later applications are considered.

Closing date for applications:

Contact: Thomas Schneider (application@encrypto.cs.tu-darmstadt.de)

More information: https://encrypto.de/2021-RTG-EN


01 November 2021

Asiacrypt
Asiacrypt 2021, the 27th Annual International Conference on the Theory and Application of Cryptology and Information Security, will take place virtually on December 6-10, 2021.

Registration is now open: https://asiacrypt.iacr.org/2021/registration.php

For questions please contact the General Chair: asiacrypt2021@iacr.org

29 October 2021

Sonia Belaïd, Matthieu Rivain, Abdul Rahman Taleb, Damien Vergnaud
ePrint Report
The masking countermeasure is widely used to protect cryptographic implementations against side-channel attacks. While many masking schemes are proven secure in the widely used probing model, that model has raised a number of concerns regarding its relevance in practice. By giving the adversary the values of a fixed number of intermediate variables, it does not capture so-called horizontal attacks, which exploit the repeated manipulation of sensitive variables. Recent works have therefore focused on the random probing model, in which each computed variable leaks with some given probability $p$. This model better fits the reality of embedded devices. In particular, Belaïd, Coron, Prouff, Rivain, and Taleb (CRYPTO 2020) introduced a framework to generate random probing secure circuits. Their compiler expands base gadgets, provided they satisfy a notion called random probing expandability (RPE). A subsequent work by Belaïd, Rivain, and Taleb (EUROCRYPT 2021) went a step further with tighter properties and improved complexities. In particular, their construction reaches a complexity of $\mathcal{O}(\kappa^{3.9})$ for $\kappa$-bit security, while tolerating a leakage probability of $p=2^{-7.5}$.

In this paper, we generalize the random probing expansion approach by considering a dynamic choice of the base gadgets at each step of the expansion. This approach makes it possible to use gadgets with a high number of shares, which enjoy better asymptotic complexity in the expansion framework, while still tolerating the best leakage rate usually obtained for small gadgets. We investigate strategies for the choice of the sequence of compilers and show that it can reduce the complexity of an AES implementation by a factor of $10$. We also significantly improve the asymptotic complexity of the expanding compiler by exhibiting new asymptotic gadget constructions. Specifically, we introduce RPE gadgets for linear operations featuring quasi-linear complexity, as well as an RPE multiplication gadget with a linear number of multiplications. These new gadgets drop the complexity of the expanding compiler from quadratic to quasi-linear.
Jelizaveta Vakarjuk, Nikita Snetkov, Jan Willemson
ePrint Report
This paper presents the details of one of the two cryptographic remote e-voting protocols used in the Russian parliamentary elections of 2021. As the official full version of the scheme has never been published by the election organisers, our paper aims to put together as complete a picture as possible from various incomplete sources. As all the currently available sources are in Russian, our presentation also aims to serve the international community by making the description available in English for further study. In the second part of the paper we provide an initial analysis of the protocol, identifying potential weaknesses under the assumption that the relevant key components are corrupted. As a result, we conclude that the biggest problems of the system stem from weak voter authentication. In addition, as it was possible to vote from any device with a browser and Internet access, the attack surface was relatively large in general.
Chris Brzuska, Sabine Oechsner
ePrint Report
State-separating proofs (SSPs) are a recent proof and definition style for cryptographic security games in pseudo-code. SSPs make it possible to carry out computational security reductions for cryptography such that "irrelevant code" can be dealt with syntactically and does not require reasoning about execution semantics. Real-world protocols have notoriously long specifications, and the SSP style of breaking down security games and identifying subgames enables the analysis of such protocols. Indeed, SSPs have been used to analyze the key schedules of TLS (ePrint 2021/467) and MLS (S&P 2022). Similarly, secure multi-party computation (MPC) protocols tend to have lengthy specifications. In this work, we explore how to use SSP techniques in the MPC context and for simulation-based security. Using Yao's circuit garbling scheme as an example, we adapt the definitional style of SSPs and show that structuring the circuit and the security proof in a layered way allows for a brief, compelling, syntactic construction of the reductions required in the hybrid proof of Yao's garbling scheme.
Abubakr Abdulgadir, Kamyar Mohajerani, Viet Ba Dang, Jens-Peter Kaps, Kris Gaj
ePrint Report
The field of post-quantum cryptography aims to develop and analyze algorithms that can withstand classical and quantum cryptanalysis. The NIST PQC standardization process, now in its third round, specifies ease of protection against side-channel analysis as an important selection criterion. In this work, we develop and validate a masked hardware implementation of the Saber key encapsulation mechanism, a third-round NIST PQC finalist. We first design a baseline lightweight hardware architecture of Saber and then apply side-channel countermeasures. Our protected hardware implementation is significantly faster than previously reported protected software and software/hardware co-design implementations. Additionally, applying side-channel countermeasures to our baseline design incurs penalties of approximately 2.9x in the number of LUTs and 1.4x in latency on modern FPGAs.
Luke Beckwith, Duc Tri Nguyen, Kris Gaj
ePrint Report
Many currently deployed public-key cryptosystems are based on the difficulty of the discrete logarithm and integer factorization problems. However, given an adequately sized quantum computer, these problems can be solved in time polynomial in the key size. Due to the future threat of quantum computing to current cryptographic standards, alternative algorithms that remain secure against quantum computers are being evaluated for future use. One such algorithm is CRYSTALS-Dilithium, a lattice-based digital signature scheme, which is a finalist in the NIST Post Quantum Cryptography (PQC) competition. As part of this evaluation, high-performance implementations of these algorithms must be investigated. This work presents a high-performance implementation of CRYSTALS-Dilithium targeting FPGAs. In particular, we present a design that achieves the best latency of any FPGA implementation to date. We also compare our results with the most relevant previous work on hardware implementations of NIST Round 3 post-quantum digital signature candidates.
Hyeonbum Lee, Jae Hong Seo
ePrint Report
We propose two zero-knowledge arguments for arithmetic circuits with fan-in 2 gates in the uniform random string model. Our first protocol features $O(\sqrt{\log_2 N})$ communication and round complexities and $O(N)$ computational complexity for the verifier, where $N$ is the size of the circuit. Our second protocol features $O(\log_2 N)$ communication and $O(\sqrt{N})$ computational complexity for the verifier. We prove the soundness of our arguments under the discrete logarithm assumption or the double pairing assumption, which is at least as reliable as the decisional Diffie-Hellman assumption. The main ingredient of our arguments consists of two different generalizations of Bünz et al.'s Bulletproofs inner-product argument (IEEE S&P 2018), which convinces a verifier of knowledge of two vectors satisfying an inner-product relation. For the protocol with sublogarithmic communication, we devise a novel method to aggregate multiple arguments for bilinear operations such as multi-exponentiations, which is essential for reducing communication overhead. For the protocol with a sublinear verifier, we develop a generalization of the discrete logarithm relation assumption, which is essential for reducing verification overhead while keeping the soundness proof relying solely on the discrete logarithm assumption. These techniques are of independent interest.
Xianrui Qin, Cailing Cai, Tsz Hon Yuen
ePrint Report
In this paper, we give the first formal security analysis of the one-more unforgeability of blind ECDSA. We start by giving a general attack on blind ECDSA, similar to the ROS attack on blind Schnorr signatures. We formulate the ECDSA-ROS problem to capture this attack.

Next, we give a generic construction of blind ECDSA based on an additively homomorphic encryption scheme and a corresponding zero-knowledge proof. Our concrete instantiation is about 40 times more bandwidth-efficient than the blind ECDSA in AsiaCCS 2019.

After that, we give the first formal proof of one-more unforgeability for blind ECDSA, under a new model called the algebraic bijective random oracle model. The security of our generic blind ECDSA relies on the hardness of a discrete logarithm-based interactive assumption and an assumption on the underlying elliptic curve.

Finally, we analyze the hardness of the ECDSA-ROS problem in the algebraic bijective random oracle model.
Apheris, Berlin, Germany
Job Posting

As a Privacy and Cryptography Engineer at Apheris, your primary focus will be driving the development of privacy and cryptographic modules in our product core and pushing them to customers together with a team of great software engineers and data scientists. You will be working on challenging deep-tech projects closely with customers from various industries, with a focus on Healthcare, Pharma and Sustainability. With your engineering expertise, you will be responsible for meeting project and product goals and for responding to upcoming bottlenecks. You will design and build new features and enhance our product core with innovative technologies, participate in code reviews, and promote engineering best practices in our tech team. We empower you to be a major contributor to the success of projects, customer satisfaction, and the advancement of our product core.

What you will do
  • Implement privacy and cryptographic modules into our product in a secure, robust and scalable way
  • Be a hands-on engineering contributor and promote best practices in our tech team
  • Contribute to the writing of scientific whitepapers, Jupyter Notebook tutorials and blog posts about privacy and cryptographic algorithms and their usage in our product
  • Contribute to team deliverables following an agile methodology and participate in retrospective sessions to continuously improve the teams’ way of working
You should apply if
  • Master's or PhD in Computer Science, Mathematics or Cryptography, or equivalent practical experience
  • 3 or more years of relevant work experience
  • Expert coding skills in Python, including common data science and ML libraries. Further languages are a plus (e.g., R, C, C++, Go, Rust)
  • Solid understanding of privacy technologies and machine learning
  • ...

Closing date for applications:

Contact: See link to full text of the job description

More information: https://apheris.jobs.personio.de/job/492987?_pc=222318

Microsoft Research, Redmond, WA
Job Posting
Research Internships at Microsoft provide a dynamic environment for research careers with a network of world-class research labs led by globally-recognized scientists and engineers. Our researchers and engineers pursue innovation in a range of scientific and technical disciplines to help solve complex challenges in diverse fields, including computing, healthcare, economics, and the environment.

The Cryptography and Privacy Research Group is hiring interns for the summer of 2022. We are seeking strong candidates to work with our renowned researchers on various topics. We are particularly interested in privacy-preserving ML, privacy and transparency techniques for digital identity systems and public key infrastructures, account/identity/password recovery, and web privacy/security, including fraud detection and prevention. We encourage all PhD students with relevant technical background in any of these topics to apply as soon as possible, as we will start interviewing immediately.

For summer internships, we typically work closely with Microsoft product groups (Teams, Edge, to name a few) to bring research ideas to real life. The internships often involve prototyping the research results, so a strong candidate is expected to have some proficiency in programming and interest in working alongside our engineers.

More information and application at https://careers.microsoft.com/us/en/job/1195145/Research-Intern-Privacy-and-Cryptography

Closing date for applications:

Contact: Kim Laine (kim.laine@microsoft.com)

KIT, Karlsruhe, Germany
Job Posting
We have a fully funded position to pursue a PhD (or join us as a postdoc) as part of our French-German project Propolis on Smart City Privacy, in a consortium with Eurecom, SAP, and The Urban Institute: https://propolis-project.eu/ . We will primarily work on publishing location trajectories with DP guarantees and differentially private ML on location data (for instance for traffic management, public security, and risk management in smart cities).

We can hire MSc graduates from CS, math and related fields who would like to pursue a PhD, or PostDocs to prepare them for academic/industry careers -- or to keep them with us for a while (including co-supervision of MSc/PhD students, if applicable). We are and will remain a small, international, diverse team with close interaction. Good command of the English language is necessary (no German needed), and we recruit based on qualification and commitment. We focus on positive working environments and the quality of results.

Closing date for applications:

Contact: Thorsten Strufe and Javier Parra-Arnau

More information: https://ps.tm.kit.edu/english/200.php

KIT, Karlsruhe, Germany
Job Posting
Four fully funded positions to do a PhD or Post-Doc (co-supervision of PhD students, in case of interest) on 6G security and privacy (location privacy, availability, security architectures, practical quantum key generation) at KIT/KASTEL and Excellence Cluster CeTI.

Closing date for applications:

Contact: Thorsten Strufe

More information: https://ps.tm.kit.edu/english/200.php


27 October 2021

Canterbury, United Kingdom
Event Calendar
Event date: to
Submission deadline: 21 March 2022
Notification: 6 June 2022
Giesecke+Devrient Mobile Security GmbH, Munich, Germany
Job Posting
In a fast changing world, it takes pioneering spirit to create trustworthy technology. We enable secure connectivity and payment solutions for billions of people around the globe. At G+D Mobile Security, you will play a key role in realizing the digital transformation.

G+D Mobile Security is looking for a Cryptography Engineer (m/f/d) for its Cryptology department at its Munich headquarters, to start as soon as possible.

Job description:

  • Secure implementation of cryptographic algorithms and security relevant OS components for smart cards in assembler
  • Optimization regarding run time and memory consumption
  • Design and implementation of countermeasures to defend against hardware related attacks against smart cards
  • Analysis of the results of side-channel attacks and derivation of effective countermeasures
Your Profile:
  • Background in mathematics, computer science or electronic engineering
  • Ideally PhD in cryptography or 3+ years experience in cryptography or related area
  • Programming skills in assembler for 8/16/32 bit embedded microcontrollers
  • Ideally experience in embedded security and side-channel attacks
Your benefits:
  • High level of responsibility and exciting projects
  • Working in an international security technology company
  • Very flexible working hours and home office possibilities
  • Wide range of training and further education opportunities
  • Attractive family benefits such as a summer holiday camp for children
  • Other benefits such as a company sports club and a canteen subsidized by the employer
We are looking forward to receiving your application!

https://careers.gi-de.com/job/Munich-Kryptologen-%28mfd%29-81677/723297801/

Closing date for applications:

Contact: Dr. Harald Vater (Harald.Vater (at) gi-de.com)

University of the West of England
Job Posting
The candidate will investigate the use of emerging variants of blockchains, such as redactable directed acyclic graph (DAG) based blockchains, as well as proof-of-location techniques for securing IoT and wireless devices. The candidate will work under a supervisory team with high expertise in IoT, wireless networks and protocols, blockchain, and information security, including Dr Djamel Djenouri and Dr Essam Ghadafi. For an informal discussion about the studentship, please email Dr Djamel Djenouri (Djamel.Djenouri@uwe.ac.uk) or Dr Essam Ghadafi (Essam.Ghadafi@uwe.ac.uk).

Closing date for applications:

Contact: Essam Ghadafi (Essam.Ghadafi@uwe.ac.uk)

More information: https://www.uwe.ac.uk/research/postgraduate-research-study/how-to-apply/studentship-opportunities/iot-over-wireless-networks

CISPA Helmholtz Center for Information Security
Job Posting
The CISPA Helmholtz Center for Information Security provides a unique work environment that offers the advantages of a university department and a research laboratory alike. As the latest member of the Helmholtz Association, the largest research organization in Germany, CISPA has embarked on a mission: to rethink the digitalized world of the future from the ground up and make it safer through innovative cutting-edge research. In the medium term, the center will grow to more than 800 employees with 60 Faculty and research group leaders. Faculty receive extremely competitive institutional funding, enjoy academic freedom, and build and lead their team of young researchers, and are granted the opportunity to teach graduate and undergraduate courses.

CISPA is located in Saarbrücken, in the tri-border area of Germany, France, and Luxembourg. We maintain an international and diverse work environment and seek applications from outstanding researchers worldwide. The working language is English. A command of German is not required for a successful career at CISPA.

CISPA is looking for candidates who hold a doctoral degree in computer science or related areas and have an outstanding research track record in all areas related to IT security, privacy and cryptography, especially in, but not limited to, the fields of

  • software security,
  • security of critical infrastructure,
  • embedded systems,
  • network and distributed system (incl. blockchains) security,
  • hardware security,
  • privacy-enhancing technologies,
  • usable security and privacy,
  • applied cryptography,
  • quantum cryptography,
  • cryptanalysis.

All applicants are expected to build up a research team that pursues an internationally visible research agenda.

Tenure-track positions are intended for candidates with excellent research credentials and the potential to pursue a program of innovative research. The positions are comparable to tenure-track positions at a leading university, and come with two full-time research staff positions and generous support for other expenses.

Closing date for applications:

Contact: scientific-recruiting@cispa.saarland

More information: https://jobs.cispa.saarland/jobs/detail/tenure-track-faculty-positions-in-all-areas-related-to-it-security-privacy-and-cryptography-f-m-d-129

Akash Shah, Nishanth Chandran, Mesfin Dema, Divya Gupta, Arun Gururajan, Huan Yu
ePrint Report
Secure inference allows a server holding a machine learning (ML) inference algorithm with private weights, and a client with a private input, to obtain the output of the inference algorithm, without revealing their respective private inputs to one another. While this problem has received plenty of attention, existing systems are not applicable to a large class of ML algorithms (such as in the domain of Natural Language Processing) that perform featurization as their first step. In this work, we address this gap and make the following contributions:

1. We initiate the formal study of secure featurization and its use in conjunction with secure inference protocols.
2. We build secure featurization protocols in the one/two/three-server settings that provide a tradeoff between security and efficiency.
3. Finally, we apply our algorithms in the context of secure phishing detection and evaluate our end-to-end protocol on models that are commonly used for phishing detection.
Sebastian Paul, Yulia Kuzovkova, Norman Lahr, Ruben Niederhagen
ePrint Report
Large-scale quantum computers will be able to efficiently solve the underlying mathematical problems of widely deployed public key cryptosystems in the near future. This threat has sparked increased interest in the field of Post-Quantum Cryptography (PQC), and standardization bodies like NIST, IETF, and ETSI are in the process of standardizing PQC schemes as a new generation of cryptography. This raises the question of how to ensure a fast, reliable, and secure transition to upcoming PQC standards in today's highly interconnected world.

In this work, we propose and investigate a migration strategy towards post-quantum (PQ) authentication for the network protocol Transport Layer Security (TLS). Our strategy is based on the concept of "mixed certificate chains", which use different signature algorithms within the same certificate chain. In order to demonstrate the feasibility of our migration strategy, we combine the well-studied and trusted hash-based signature schemes SPHINCS+ and XMSS first with elliptic curve cryptography and subsequently with lattice-based PQC signature schemes (CRYSTALS-Dilithium and Falcon). Furthermore, we combine authentication based on mixed certificate chains with the lattice-based key encapsulation mechanism (KEM) CRYSTALS-Kyber, as a representative of PQC KEMs, to evaluate a fully post-quantum and mutually authenticated TLS 1.3 handshake.

Our results show that mixed certificate chains containing hash-based signature schemes only at the root certificate authority level lead to feasible connection establishment times despite the increase in communication size. By analyzing code size and peak memory usage of our client and server programs, we further demonstrate the suitability of our migration strategy even for embedded devices.
Dmitrii Koshelev
ePrint Report
This paper continues the author's previous ones about compression of points on elliptic curves $E_b\!: y^2 = x^3 + b$ (with $j$-invariant $0$) over a finite field $\mathbb{F}_{\!q}$. More precisely, we show in detail how any two (resp. three) points from $E_b(\mathbb{F}_{\!q})$ can be quickly compressed to two (resp. three) elements of $\mathbb{F}_{\!q}$ (apart from a few auxiliary bits) in such a way that the corresponding decompression stage requires extracting only one cubic (resp. sextic) root in $\mathbb{F}_{\!q}$ (with several multiplications and without inversions). As a result, for many $q$ occurring in practice the new compression-decompression methods are more efficient than the classical one with the two (resp. three) $x$ or $y$ coordinates of the points, which extracts two (resp. three) roots in $\mathbb{F}_{\!q}$. We explain why the new methods are useful in the context of modern real-world pairing-based protocols. As a by-product, when $q \equiv 2 \ (\mathrm{mod} \ 3)$ (in particular, $E_b$ is supersingular), we obtain a two-dimensional analogue of Boneh-Franklin's encoding, that is, a way to sample two "independent" $\mathbb{F}_{\!q}$-points on $E_b$ at the cost of one cubic root in $\mathbb{F}_{\!q}$. Finally, we comment on the case of four and more points from $E_b(\mathbb{F}_{\!q})$.
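The root-extraction cost the abstract compares against can be seen on the classical single-point methods. The following is an added example and not code from the paper: over a constructed small prime $q = 59$ (chosen so that $q \equiv 2 \ (\mathrm{mod} \ 3)$ and $q \equiv 3 \ (\mathrm{mod} \ 4)$) and a constructed coefficient $b = 7$, it compresses a point of $E_b$ either to its $x$-coordinate plus a parity bit, where decompression costs one square root, or, in the Boneh-Franklin style the abstract generalizes, to its $y$-coordinate alone, where decompression costs one cube root and no auxiliary bit because cubing is a bijection of $\mathbb{F}_{\!q}$ when $q \equiv 2 \ (\mathrm{mod} \ 3)$. The same cube-root map is the Boneh-Franklin encoding that turns every field element into a curve point, which is also why the curve has exactly $q+1$ points. The paper's two- and three-point methods are not reproduced here.

```python
# Added example: classical point (de)compression on E_b: y^2 = x^3 + b over F_q.
# Not the paper's code. Q and B are constructed parameters for illustration.

Q = 59  # prime with Q % 3 == 2 (cubing is a bijection) and Q % 4 == 3 (easy sqrt)
B = 7   # curve coefficient b in y^2 = x^3 + b
assert Q % 3 == 2 and Q % 4 == 3


def is_on_curve(P):
    x, y = P
    return (y * y - (x * x * x + B)) % Q == 0


def sqrt_mod(a):
    """Square root in F_q for q = 3 (mod 4); None if a is a non-residue."""
    a %= Q
    r = pow(a, (Q + 1) // 4, Q)
    return r if (r * r) % Q == a else None


def cbrt_mod(a):
    """Unique cube root in F_q for q = 2 (mod 3): (a^e)^3 = a since 3e = 1 mod (q-1)."""
    return pow(a % Q, (2 * Q - 1) // 3, Q)


# Method 1: keep x plus one parity bit; decompression costs one square root.
def compress_x(P):
    x, y = P
    return x, y & 1


def decompress_x(x, parity):
    y = sqrt_mod(x * x * x + B)
    if y is None:
        raise ValueError("no point of E_b has this x-coordinate")
    if (y & 1) != parity:      # Q is odd, so Q - y has the other parity
        y = Q - y
    return (x, y)


# Method 2 (Boneh-Franklin style, q = 2 mod 3): keep only y; decompression
# costs one cube root and needs no extra bit, because x is uniquely determined.
def compress_y(P):
    return P[1]


def decompress_y(y):
    return (cbrt_mod(y * y - B), y % Q)


def sample_point(t):
    """Boneh-Franklin encoding: each field element t yields one point (cbrt(t^2 - b), t)."""
    return decompress_y(t % Q)


def count_points():
    """Brute-force #E_b(F_q) including the point at infinity; equals q + 1 here."""
    affine = 0
    for x in range(Q):
        a = (x * x * x + B) % Q
        if a == 0:
            affine += 1
        elif sqrt_mod(a) is not None:
            affine += 2
    return affine + 1


if __name__ == "__main__":
    P = sample_point(5)
    print("point:", P, "on curve:", is_on_curve(P))
    print("x-compression round trip:", decompress_x(*compress_x(P)) == P)
    print("y-compression round trip:", decompress_y(compress_y(P)) == P)
    print("#E_b(F_q) =", count_points(), "(expected q + 1 =", Q + 1, ")")
```

For a real pairing-friendly curve the same two branches appear with the field-specific root formulas swapped in; the point of the example is only that the $x$-based method pays a square root and an extra bit per point, while on $q \equiv 2 \ (\mathrm{mod} \ 3)$ the $y$-based method pays one cube root and nothing else.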