International Association
for Cryptologic Research

The world has been experiencing a mind-blowing expansion of blockchain technology since it was first introduced as an emerging means of cryptocurrency called bitcoin. Currently, it has been regarded as a pervasive frame of reference across almost all research domains, ranging from virtual cash to agriculture or even supply-chain to the Internet of Things. The ability to have a self-administering register with legitimate immutability makes blockchain appealing for the Internet of Things (IoT). As billions of IoT devices are now online in distributed fashion, the huge challenges and questions require to addressed in pursuit of urgently needed solutions. The present paper has been motivated by the aim of facilitating such efforts. The contribution of this work is to figure out those trade-offs the IoT ecosystem usually encounters because of the wrong choice of blockchain technology. Unlike a survey or review, the critical findings of this paper target sorting out specific security challenges of blockchain-IoT Infrastructure. The contribution includes how to direct developers and researchers in this domain to pick out the unblemished combinations of Blockchain enabled IoT applications. In addition, the paper promises to bring a deep insight on Ethereum, Hyperledger blockchain and IOTA technology to show their limitations and prospects in terms of performance and scalability.

Several efforts have been seen claiming the lightweight block ciphers as a necessarily suitable substitute in securing the Internet of Things. Currently, it has been able to envisage as a pervasive frame of reference almost all across the privacy preserving of smart and sensor-oriented appliances. Different approaches are likely to be inefficient, bringing desired degree of security considering the easiness and surely the process of simplicity but security. Strengthening the well-known symmetric key and block dependent algorithm using either chaos motivated logistic map or elliptic curve has shown a far-reaching potential to be a discretion in secure real-time communication. The popular feature of logistic maps, such as the un-foreseeability and randomness often expected to be used in dynamic key-propagation in sync with chaos and scheduling technique towards data integrity. As a bit alternation in keys, able to come up with oversize deviation, also would have consequence to leverage data confidentiality. Henceforth it may have proximity to time consumption, which may lead to a challenge to make sure instant data exchange between participating node entities. In consideration of delay latency required to both secure encryption and decryption, the proposed approach suggests a modification on the key-origination matrix along with S-box. It has plausibly been taken us to this point that the time required proportionate to the plain-text sent while the plain-text disproportionate to the probability happening a letter on the message made. In line with that the effort so far sought how apparent chaos escalates the desired key-initiation before message transmission.

We examine bucket-based and volume-based algorithms for privacy-preserving asset trading in a financial dark pool. Our bucket-based algorithm places orders in quantised buckets, whereas the volume-based algorithm allows any volume size but requires more complex validation mechanisms. In all cases, we conclude that these algorithms are highly efficient and offer a practical solution to the commercial problem of preserving privacy of order information in a dark pool trading venue.

We study the computational problem of finding a shortest non-zero vector in a rotation of $\mathbb{Z}^n$, which we call $\mathbb{Z}$SVP. It has been a long-standing open problem to determine if a polynomial-time algorithm for $\mathbb{Z}$SVP exists, and there is by now a beautiful line of work showing how to solve it efficiently in certain special cases. However, despite all of this work, the fastest known algorithm that is proven to solve $\mathbb{Z}$SVP is still simply the fastest known algorithm for solving SVP (i.e., the problem of finding shortest non-zero vectors in arbitrary lattices), which runs in $2^{n + o(n)}$ time. We therefore set aside the (perhaps impossible) goal of finding an efficient algorithm for $\mathbb{Z}$SVP and instead ask what else we can say about the problem. E.g, can we find any non-trivial speedup over the best known SVP algorithm? And, what consequences would follow if $\mathbb{Z}$SVP actually is hard? Our results are as follows.

1) We show that $\mathbb{Z}$SVP is in a certain sense strictly easier than SVP on arbitrary lattices. In particular, we show how to reduce $\mathbb{Z}$SVP to an approximate version of SVP in the same dimension (in fact, even to approximate unique SVP, for any constant approximation factor). Such a reduction seems very unlikely to work for SVP itself, so we view this as a qualitative separation of $\mathbb{Z}$SVP from SVP. As a consequence of this reduction, we obtain a $2^{0.802n}$-time algorithm for $\mathbb{Z}$SVP, i.e., a non-trivial speedup over the best known algorithm for SVP on general lattices.

2) We show a simple public-key encryption scheme that is secure if (an appropriate variant of) $\mathbb{Z}$SVP is actually hard. Specifically, our scheme is secure if it is difficult to distinguish (in the worst case) a rotation of $\mathbb{Z}^n$ from either a lattice with all non-zero vectors longer than $\sqrt{n/\log n}$ or a lattice with smoothing parameter significantly smaller than the smoothing parameter of $\mathbb{Z}^n$. The latter result has an interesting qualitative connection with reverse Minkowski theorems, which in some sense say that ``$\mathbb{Z}^n$ has the largest smoothing parameter.''

3) We show a distribution of bases $B$ for rotations of $\mathbb{Z}^n$ such that, if $\mathbb{Z}$SVP is hard for any input basis, then $\mathbb{Z}$SVP is hard on input $B$. This gives a satisfying theoretical resolution to the problem of sampling hard bases for $\mathbb{Z}^n$, which was studied by Blanks and Miller (PQCrypto, 2021). This worst-case to average-case reduction is also crucially used in the analysis of our encryption scheme. (In recent independent work that appeared as a preprint before this work, Ducas and van Woerden showed essentially the same thing for general lattices (ia.cr/2021/1332), and they also used this to analyze the security of a public-key encryption scheme.)

4) We perform experiments to determine how practical basis reduction performs on different bases of $\mathbb{Z}^n$. These experiments complement and add to those performed by Blanks and Miller, as we work with a larger class of reduction algorithms (i.e., larger block sizes) and study the ``provably hard'' distribution of bases described above. We also observe a threshold phenomenon in which ``basis reduction algorithms on $\mathbb{Z}^n$ nearly always find a shortest non-zero vector once they have found a vector with length less than $\sqrt{n}/2$,'' and we explore this further.

Data privacy is critical in instilling trust and empowering the societal pacts of modern technology-driven democracies. Unfortunately, it is under continuous attack by overreaching or outright oppressive governments, including some of the world's oldest democracies. Increasingly-intrusive anti-encryption laws severely limit the ability of standard encryption to protect privacy. New defense mechanisms are needed. Plausible deniability (PD) is a powerful property, enabling users to hide the existence of sensitive information in a system under direct inspection by adversaries. Popular encrypted storage systems such as TrueCrypt and other research efforts have attempted to also provide plausible deniability. Unfortunately, these efforts have often operated under less well-defined assumptions and adversarial models. Careful analyses often uncover not only high overheads but also outright security compromise. Further, our understanding of adversaries, the underlying storage technologies, as well as the available plausible deniable solutions have evolved dramatically in the past two decades. The main goal of this work is to systematize this knowledge. It aims to: - identify key PD properties, requirements, and approaches; - present a direly-needed unified framework for evaluating security and performance; - explore the challenges arising from the critical interplay between PD and modern system layered stacks; - propose a new "trace-oriented" PD paradigm, able to decouple security guarantees from the underlying systems and thus ensure a higher level of flexibility and security independent of the technology stack. This work is meant also as a trusted guide for system and security practitioners around the major challenges in understanding, designing, and implementing plausible deniability into new or existing systems.

The use of deep learning techniques to perform side-channel analysis attracted the attention of many researchers as they obtained good performances with them. Unfortunately, the understanding of the neural networks used to perform side-channel attacks is not very advanced yet. In this paper, we propose to contribute to this direction by studying the impact of some particular deep learning techniques for tackling side-channel attack problems. More precisely, we propose to focus on three existing techniques: batch normalization, dropout and weight decay, not yet used in side-channel context. By combining adequately these techniques for our problem, we show that it is possible to improve the attack performance, i.e. the number of traces needed to recover the secret, by more than 55%. Additionally, they allow us to have a gain of more than 34% in terms of training time. We also show that an architecture trained with such techniques is able to perform attacks efficiently even in the context of desynchronized traces.

Satoshi Nakamoto's Proof-of-Work (PoW) longest chain (LC) protocol was a breakthrough for Internet-scale open-participation consensus. Many Proof-of-Stake (PoS) variants of Nakamoto's protocol such as Ouroboros or Snow White aim to preserve the advantages of LC by mimicking PoW LC closely, while mitigating downsides of PoW by using PoS for Sybil resistance. Previous works have proven these PoS LC protocols secure assuming all network messages are delivered within a bounded delay. However, this assumption is not compatible with PoS when considering bandwidth constraints in the underlying communication network. This is because PoS enables the adversary to reuse block production opportunities and spam the network with equivocating blocks, which is impossible in PoW. The bandwidth constraint necessitates that nodes choose carefully which blocks to spend their limited download budget on. We show that 'download along the longest header chain', a natural download rule for PoW LC, emulated by PoS variants, is insecure for PoS LC. Instead, we propose 'download towards the freshest block' and prove that PoS LC with this download rule is secure in bandwidth constrained networks. Our result can be viewed as a first step towards the co-design of consensus and network layer protocols.

The ability to verifiably retrieve transaction or state data stored off-chain is crucial to blockchain scaling techniques such as rollups or sharding. We formalize the problem and design a storage- and communication-efficient protocol using linear erasure-correcting codes and homomorphic vector commitments. Motivated by application requirements for rollups, our solution departs from earlier Verifiable Information Dispersal schemes in that we do not require comprehensive termination properties or retrievability from any but only from some known sufficiently large set of storage nodes. Compared to Data Availability Oracles, under no circumstance do we fall back to returning empty blocks. Distributing a file of 28.8 MB among 900 storage nodes (up to 300 of which may be adversarial) requires in total approx. 95 MB of communication and storage and approx. 30 seconds of cryptographic computation on a single-threaded consumer-grade laptop computer. Our solution requires no modification to on-chain contracts of Validium rollups such as StarkWare's StarkEx. Additionally, it provides privacy of the dispersed data against honest-but-curious storage nodes.

Event date: 30 June to 1 July 2022
Submission deadline: 7 February 2022
Notification: 14 March 2022

Event date: 31 January to 4 February 2022

Event date: 31 January 2023
Submission deadline: 30 April 2022
Notification: 31 July 2022

Event date: 10 December to 11 December 2021

Event date: 30 May to
Submission deadline: 8 January 2022
Notification: 22 February 2022

Event date: 13 August to 18 August 2022

Indian Statistical Institute invites applications from duly qualified for full-time faculty positions at the level of Assistant Professors and Associate Professor, to be placed at the R. C. Bose Centre for Cryptology and Security of the Institute, in Kolkata. Candidates with a strong research background in Cryptology and Security (preferably in Cybersecurity or IoT). For details please visit https://www.isical.ac.in/sites/default/files/jobs/rcbccs_advt_2022.pdf

Closing date for applications:

Contact: rcbose@isical.ac.in

More information: https://www.isical.ac.in/sites/default/files/jobs/rcbccs_advt_2022.pdf

The newly established Chair of Information Security at RUB has multiple open positions for PhD students and postdoctoral researchers in the area of system security, particularly (but not limited to) those specializing in:

- Blockchain security and privacy: we explore how to improve the security and privacy of cryptocurrencies and modern blockchain platforms while enhancing their performance and scalability.
- Platform security: we explore how to make use of hardware support to improve the security and privacy of platforms.
- ML security and privacy: we investigate how we can improve the security of machine learning algorithms and how to securely use machine learning to secure existing platforms.

Are you excited by opportunities to work in any of those topics? Do you have a solid background in blockchain technologies, machine learning techniques, or security/privacy concepts? Are you excited about building highly performant secure systems? If so, we'd like to hear from you. If you are interested in applying, please send an email to Prof. Dr. Karame (ghassan.karame@rub.de) with your current CV and a description of why you think you are a good fit.

Closing date for applications:

Contact: Prof. Dr. Ghassan Karame

The Strategic Centre for Research in Privacy-Preserving Technologies & Systems (SCRIPTS) at Nanyang Technological University in Singapore has several open positions on Post-Doc Research Fellow, supported by a Post-Quantum Cryptography research project in both public-key and symmetric-key led by Prof Huaxiong Wang and Prof Jian Guo.

Your role:

• To work, both independently and collaboratively, on a research-orientated post-quantum project including cryptanalysis and design of post-quantum public-key and symmetric-key cryptography primitives.
• To publish in top conferences

Requirements:

• PhD in cryptography
• Track-record publications in Tier-1 conferences (Asiacrypt, Eurocrypt, Crypto, CCS, Usenix, IEEE S&P, NDSS)

We offer:

• globally competitive salary package
• a team with strong capability in development and research to work with
• various opportunities to work with our industry partners

Duration: 2 years

Interested candidates are to send their CV and 2 reference letters. Review of applicants will start immediately until all positions are filled. More information about SCRIPTS centre can be found in https://www.ntu.edu.sg/scripts

Closing date for applications:

Contact: scripts@ntu.edu.sg with subject [IACR-PQC]

More information: https://www.ntu.edu.sg/scripts

The CRYSPY Lab (CRyptography, Security and PrivacY) at Lund University is looking for a Post Doctoral researcher to work on the design of post-quantum secure cryptographic solutions. We welcome applications from Ph.D. holders, the ideal candidate is expected to be motivated, able to carry research tasks in an independent way, open to collaborate in on-going projects in a team-work fashion, and willing to perform some teaching duties. There is also time for independent research, no restrictions on collaboration with other researchers. The application will be open until we find a suitable candidate.
Main requirements: a Ph.D. degree in Computer Science, Applied Mathematics, or a related field. Competitive research record in cryptography or information security. Strong mathematical or algorithmic background. Fluent written and verbal communication skills in English.
About the CRYSPY lab: we are about 20 researchers (counting PhD students and seniors) passionate about solving real world security issues as well as posing and addressing security challenges of a theoretical taste. We have a long history of design and cryptanalisys of symmetric ciphers and lattice-based constructions, as well as network-security. More recently, we are moving towards post-quantum cryptosystems, homomorphic authenticators, privacy-aware data storage and sharing solutions.
For more info: https://www.eit.lth.se/index.php?gpuid=508&L=1 and https://epagnin.github.io

Closing date for applications:

Contact: elena.pagnin@eit.lth.se

More information: https://lu.varbi.com/en/what:job/jobID:439586/type:job/where:4/apply:1

We are looking for a Research Fellow (Post-Doc), to join our group. The applicants should have background and be interested in working on different aspects of lattice based cryptography, and a strong publication record, in particular on:

- security proofs for lattice-based schemes,
- building and implementing lattice-based constructions.

The research will take place in the CAPSULE team (formerly called EMSEC team), within the IRISA computer science institute located in Rennes, France. To apply please send us by email your detailed CV (with publication list) and a research statment. The position has flexible starting date, with possibility to start in January / February 2022 or later.
Review of applications will start immediately until the position is filled.

Closing date for applications:

Contact: Adeline Roux-Langlois / adeline.roux-langlois@irisa.fr and Alexandre Wallet / alexandre.wallet@inria.fr

There are fully funded PhD scholarships available to the UK, EU and international students at the Department of Computer Science, University of Warwick. Students who are interested to pursue a PhD in security and applied cryptography are encouraged to contact feng.hao@warwick.ac.uk with a CV.

Closing date for applications:

Contact: feng.hao@warwick.ac.uk

More information: https://warwick.ac.uk/fac/sci/dcs/people/feng_hao/openings/