International Association for Cryptologic Research


IACR News



08 December 2021

CDT in Cyber Security for the Everyday. Royal Holloway University. Egham, Surrey, UK
Job Posting
Cryptographic protocols are distributed algorithms that allow entities to perform security-related functions over a (potentially untrusted) network. Such protocols are ubiquitous, and their security is essential to almost any IT system. It is quite challenging to create secure protocols as even small non-obvious mistakes can have fatal consequences. For example, the (very simple) Needham-Schroeder key exchange protocol contains a severe security flaw that went unnoticed for 17 years. For modern security protocols, such as TLS, it is even harder to ensure security. These protocols tend to be much more complex and are typically embedded into environments that introduce their own quirks and subtleties. Formal methods provide a systematic way to perform comprehensive analyses of such protocols concisely and rigorously. They allow us to specify security goals precisely and enable us to prove that a protocol indeed guarantees such properties. Using this approach, we can find attacks (if a proof fails), develop fixes, and formally verify whether our fixes are sufficient. Moreover, we can even exclude unknown classes of attacks on the systems we analyse. Although this field has been quite active in research for several decades now, there are still many open research questions to answer: Existing tools and approaches often struggle with analyses of complex protocols. Proofs are often quite laborious and are susceptible to human errors. Furthermore, modern environments such as Web, Mobile, and IoT also introduce their own complexity and pitfalls and blend into each other, creating new subtleties which can be an additional source of security issues. Hence, we need to develop new methods and techniques to tackle this complexity, mechanise and automate such security analyses to a greater extent, and take the characteristics of modern environments into account.
We are looking for applications from highly talented candidates with a background in computer science, information security, mathematics, or a related field interested in logic, proofs, and formal analysis techniques. We value strong analytical skills and solid programming knowledge.

Closing date for applications:

Contact: Prospective applicants are welcome to discuss with Guidi Schmitz

More information: https://www.royalholloway.ac.uk/cdt

CDT in Cyber Security for the Everyday. Royal Holloway University. Egham, Surrey, UK
Job Posting
Privacy-preserving Outsourced Computation: The Centre for Doctoral Training in Cyber Security for the Everyday seeks to recruit a PhD student to work on practical privacy-preserving outsourced computation techniques, such as homomorphic encryption (HE). This project will be carried out jointly with KDDI Research, Japan. Fully homomorphic encryption enables the evaluation of arbitrary functions on encrypted data, without requiring access to the secret key. This cryptographic primitive can enable a variety of practical applications in secure outsourced computation, including privacy-preserving data analysis. Cybersecurity systems (e.g., IDS, IPS) collect large amounts of data to detect security events. Analysis of this data may however pose a significant threat to the privacy of users. A privacy-preserving data analysis attempts to alleviate this threat by carrying out the analysis over encrypted data. Removing privacy risks will allow more data sharing, and more enhanced data analysis. The goal of the project is the enhancement of HE for practical use. This could include (for example) the design and security of practical privacy-preserving applications, or proposing improvements and optimisations to existing HE schemes. The Information Security Group (ISG) at Royal Holloway has a strong track record in cryptographic research, including algorithm design and analysis, post-quantum cryptography, homomorphic encryption and applications of secure computation. KDDI Research is the research and innovation arm of KDDI Corporation, one of the largest Japanese telecommunications operators. The ISG and KDDI have a long-term collaboration in the area of cryptography, and the student recruited for this project will work closely with researchers from the two groups. Applicants are expected to have a background in mathematics, computer science, or a related discipline. Prospective applicants are welcome to contact Rachel.Player@rhul.ac.uk to discuss the project.

Closing date for applications:

Contact: Dr Rachel Player

More information: https://www.royalholloway.ac.uk/cdt

CDT in Cyber Security for the Everyday. Royal Holloway University. Egham, Surrey, UK
Job Posting
The threat of large-scale, general-purpose quantum computers to existing public-key cryptographic solutions has led to global efforts to standardise post-quantum cryptography as a replacement. In particular, the NIST Post-Quantum Cryptography process is now in its third and final round. One of the front-runners for problems to base post-quantum cryptography on is hard problems on lattices. Five out of seven finalists of the NIST process are based on lattices. Thus, it is a natural question to ask how long it actually takes to solve these problems on lattices. The better we understand this problem the more confidence we can have in the cryptographic solutions soon to be deployed globally. The security of lattice-based cryptography is a pressing research question for a second reason. Many innovations in the field of cryptography in recent years rely on lattices as their foundation. For example, all the ways in which we know how to compute arbitrary functions on encrypted data – homomorphic encryption – are based on lattices. The Information Security Group at Royal Holloway has a strong track record in this area and we are seeking students to join our efforts to address this pressing research question. The directions this PhD can go into are manifold: (asymptotic) algorithm design and analysis, implementations, experimental validation, quantum computing, side-channel analysis, active attacks against protocols using lattice-based primitives, studying special cases relevant in practice. We seek applicants with a background in mathematics and/or computer science or related disciplines. Prospective applicants are welcome to discuss with martin.albrecht@rhul.ac.uk

Closing date for applications:

Contact: Prospective applicants are welcome to discuss with Professor Martin Albrecht

More information: https://www.royalholloway.ac.uk/cdt

Technische Universität Darmstadt
Job Posting
The Department of Computer Science at Technische Universität Darmstadt invites applications for two positions as Doctoral Researchers (Research Assistants/PhD Students) in Cryptography and Complexity Theory in the group of Professor Marc Fischlin. The positions are funded through BMBF projects DemoQuanDT and QSYM about Quantum Security. More information about our research is available under: www.cryptoplexity.de The starting date is 01.01.2022. The initial funding for each of the positions is for three years, but the contracts may be extended.

Your Profile:
  • Completed university degree (Master’s degree or equivalent) in Computer Science, Mathematics, or a similar discipline
  • Extensive knowledge in the areas of our projects, in particular cryptography and IT security
  • Fluent English language skills
  • Experience in IT system administration is welcome

Candidates are expected to contribute to the research, teaching, and administrative tasks of the group. Opportunity for further qualification (doctoral dissertation) is given. The fulfillment of the duties likewise enables the scientific qualifications of the candidate.

Closing date for applications:

Contact: Prof. Dr. Marc Fischlin, E-Mail: jobs@cx.tu-darmstadt.de

More information: https://www.tu-darmstadt.de/universitaet/karriere_an_der_tu/stellenangebote/aktuelle_stellenangebote/stellenausschreibungen_detailansichten_1_442368.en.jsp


06 December 2021

NTT Research, Sunnyvale, CA, USA
Job Posting
The Cryptography and Information Security (CIS) Lab of NTT Research is a team of world-class research scientists. The blockchain group of the CIS Lab is seeking post-doctoral fellows. Post-doctoral fellows with the group will conduct fundamental research related to blockchain technology. The focus areas are consensus mechanism, smart contract security/privacy, and game theory. Applicants of the post-doctoral researcher should have demonstrated a strong track record of research with top-level academic conferences/journals focusing on blockchain, cryptography, computer security, theoretical computer science, or economics. To apply and for further details, see https://careers.ntt-research.com/cis

Closing date for applications:

Contact: Shin'ichiro Matsuo (Shinichiro.Matsuo@ntt-research.com)

More information: https://careers.ntt-research.com/cis

Basque Center for Applied Mathematics (BCAM), in Bilbao
Job Posting
The Basque Center for Applied Mathematics (BCAM), in Bilbao, is offering a postdoc position for 2 years, with starting date as soon as possible. We are seeking excellent candidates with a PhD in Mathematics or Computer Science interested in post-quantum cryptography, with a good background in the mathematical areas related to it (number theory, computational algebra, algebraic geometry, etc.). Good programming skills are a plus. The working language is English.

BCAM is a research center of applied mathematics located in Bilbao. Its research is transversal, covering from core developments in mathematics to the most applied aspects. It enjoys the Severo Ochoa distinction (the highest rank distinction for research centers in Spain). The position is in the framework of the creation of a new research line in (post-quantum) cryptography, which falls within the Basque strategy on Quantum computing, Quantum Cryptography and Quantum safe Cryptography. The research line will be led by Prof. Ignacio Luengo (UCM, Madrid), with the collaboration of Prof. Jintai Ding (Tsinghua University).

Deadline for applications is 12/31/2020.

More details, and application link are available here: https://www.bcamath.org/en/research/job

Closing date for applications:

Contact: Ignacio Luengo (iluengo@ucm.es)

More information: https://www.bcamath.org


05 December 2021

Fez, Morocco, 18 July - 20 July 2022
Event Calendar
Event date: 18 July to 20 July 2022
Submission deadline: 25 February 2022
Notification: 22 April 2022

Bristol, United Kingdom, 8 August - 12 August 2022
Event Calendar
Event date: 8 August to 12 August 2022
Submission deadline: 25 February 2022
Notification: 23 May 2022
University of Southern Queensland
Job Posting
ESSENTIAL CRITERIA
  1. An extended Degree or higher qualification (e.g. Masters), or equivalent experience, in information technology or a relevant discipline area from a recognised tertiary institution. Progression towards completion of a Doctoral qualification would be highly regarded.
  2. Professional experience, or demonstrated deep knowledge, in a relevant discipline such as Cyber Security and/or Artificial Intelligence/Machine Learning.
  3. Demonstrated research experience and expertise in privacy-preserving machine learning including privacy-preserving federated learning are the most desirable. Otherwise, expertise from at least one of the following areas is a must: privacy preservation such as Secure Multi-party Computation or Differential Privacy, secure data sharing such as Secret Sharing, (distributed) machine learning, AI modelling for the healthcare domain.
  4. High-level computational and programming skills (e.g., Java, Python, or C/C++).
  5. Experience in mobile app development, cloud-based solution design and deployment, deploying an IT solution in the healthcare domain, project management and coordination working with multidisciplinary researchers.
  6. Proven track record of publications in peer-reviewed journals and/or authorship of scientific papers, reports and grant applications.
  7. A record of science innovation and creativity, including the ability and willingness to incorporate novel ideas and approaches into scientific investigations as well as real-world deployment.
  8. Knowledge and ability to engage in research that provides the opportunity to collaborate with others, advances knowledge, and engages with industry.
  9. Willingness to engage in capacity building learning and teaching (academic) development activities.
  10. High-level oral and written communication and interpersonal skills, relating well to people at all levels using diplomacy, tact and sound judgement, with an ability to build constructive and effective relationships.
  11. Alignment with the core University values of Respect, Integrity, and Excellence.

Closing date for applications:

Contact: To find out more about this opportunity, please contact Dr Zhaohui Tang on +61 7 4631 2464 or Zhaohui.Tang@usq.edu.au.

More information: https://usq.nga.net.au/cp/index.cfm?event=jobs.checkJobDetailsNewJobBoardApplication&returnToEvent=jobs.home&jobID=67116E77-BC8B-488E-9911-ADEF0113B928&audienceTypeCode=EXT&jobAdID=064CFA1B-0E96-87C3-7AB5-C00557316039&UseAudienceTypeLanguage=1

North Carolina State University
Job Posting
3 PhD positions in the hardware security research group of Prof. Aydin Aysu at North Carolina State University starting in Fall 22. Spring/Summer 22 is possible for those who are already in the US.
  1) Cloud FPGA architectural security
  2) Side-channel attacks on machine learning accelerators
  3) Fault attacks on machine learning accelerators
Applicants can email CV to aaysu@ncsu.edu -- positions are fully funded. The deadline is Jan. 15th, 2022

Closing date for applications:

Contact: Aydin Aysu

Ruhr-Universitaet, Faculty of Computer Science, Bochum, Germany
Job Posting
Full Professorship for System Security
The Horst Görtz Institute for IT Security (HGI) in Bochum, Germany is one of the most renowned institutes in the field of IT Security in Europe. The HGI hosts 26 faculty members, maintains extensive networks and has produced numerous successful start-ups. HGI is home to the Cluster of Excellence "CASA: Cyber Security in the Age of Large-Scale Adversaries", funded with approximately 30 million euros. This outstanding environment offers excellent working conditions in a highly topical and exciting field. In addition, there is a very good working atmosphere in a young and diverse group of researchers. The Faculty of Computer Science at Ruhr-Universität Bochum invites applications for a tenured Full Professorship for System Security. Applicants should have an excellent track record in research and teaching in at least one of the following areas:
  • OS and software security
  • Network and distributed systems security
  • Malware analysis
  • Analysis of network and security protocols
  • Security analysis of hardware designs and binaries
  • Machine learning and security.
We are looking for a scientist with an internationally visible research profile, who complements existing focus areas. We expect a willingness to cooperate with the Horst Görtz Institute for IT Security as well as an active role in current and planned projects, especially in the Cluster of Excellence "CASA: Cyber Security in the Age of Large Scale Adversaries". The Max Planck Institute for Security and Privacy offers additional possibilities for collaboration. The working language is English. Fluent German is not a prerequisite for a successful engagement at HGI. The official job ad can be found here. Applications with the usual documents are requested by January 10, 2022 to the Dean of the Faculty of Computer Science at Ruhr-Universität Bochum, Alexander May, e-mail: career@casa.rub.de . Further information can be found here: https://informatik.rub.de/en/ https://casa.rub.de/en/

Closing date for applications:

Contact: Alexander May, Dean of the Faculty of Computer Science at Ruhr-Universität Bochum

More information: https://informatik.rub.de/en/

Fraunhofer AISEC, Garching (near Munich), Germany
Job Posting
The Hardware Security Department at Fraunhofer AISEC is currently looking for a security researcher with a strong background in hardware security and analog or mixed-signal circuit design to work on tamper protection for embedded systems.
The work covers different aspects of the design of new physical structures for tamper protection and PUF primitives, characterization of the structures, design of measurement circuits, research on attacks and countermeasures, system design, development of firmware, and statistical assessments, depending on the background of the candidate.
The candidate must hold a master's degree in electrical engineering, security, physics, or a related field, and have at least intermediate German language levels (B2). The position supports the candidate to work towards a PhD in collaboration with the Technical University of Munich.
If you are interested, please apply via the following link: https://www.aisec.fraunhofer.de/de/jobs/wissenschaftliche-stellen/aisec-2021-6.html

Closing date for applications:

Contact: Matthias Hiller (matthias.hiller@aisec.fraunhofer.de)

Aalto University, Department of Computer Science, Espoo, Finland
Job Posting
The Department of Computer Science at Aalto University – in the top-20 young universities worldwide – invites applications for tenure-track positions at the assistant professor level. Candidates with exceptional merits can apply for a tenured appointment at the associate professor level. We welcome applications in all areas of computer science, including but not limited to:

  • Computing systems;
  • Digital ethics, society and policy;
  • Modern data management;
  • Security and privacy;
  • Software engineering.

The Department of Computer Science (https://www.aalto.fi/en/department-of-computer-science) is home to world-class research in modern computer science, combining research on foundations and innovative applications. An international community with 47 professors and more than 400 employees from 45 countries, it is the largest department at Aalto University and the largest computer science unit in Finland. The department consistently ranks high in global rankings, for example, 1st in Northern countries and 56th worldwide in Times Higher Education subject ranking 2020. Diversity is part of who we are, and we actively work to ensure our community’s diversity and inclusiveness. We warmly encourage qualified candidates from all backgrounds to join our community. We offer competitive salaries and start-up packages to new faculty. The contract includes occupational health benefits. For international hires, we offer relocation services.

Closing date for applications:

Contact: Please contact Associate Professor Casper Lassenius or, in recruitment-process-related questions, HR Coordinator Laura Kuusisto-Noponen; emails firstname.lastname@aalto.fi.

More information: https://aalto.wd3.myworkdayjobs.com/en-US/aalto/job/Otaniemi-Espoo-Finland/Assistant-or-Associate-Professors-in-Computer-Science_R32265

NTT Research, Sunnyvale, CA
Job Posting
The Cryptography and Information Security (CIS) Lab of NTT Research is a team of world-class research scientists. The CIS Lab is seeking research interns typically for about 12 weeks during the summer. For the duration of their internship, interns will be matched with one of our research scientists as a mentor. Applicants should have demonstrated strong mathematical ability and be enrolled in a PhD program with a focus on cryptography, computer security, or theoretical computer science.

Closing date for applications:

Contact: To apply and for further details see https://careers.ntt-research.com/cis

University of South Florida
Job Posting
The Department of Mathematics & Statistics at the University of South Florida seeks to fill a 12-month, full-time, Postdoctoral Scholar position in Mathematics to begin on August 8, 2022.

Candidates must possess a PhD by the start date. We welcome applications from candidates with a background in mathematical cryptology (in particular: cryptography based on (ideal) lattices, isogenies, and codes).

The position carries a teaching load of 3 courses a year (within the Maths & Stats department). The initial contract is for 1 year, and may be renewed for up to 2 additional years based on satisfactory performance in both research and teaching.

The successful candidate will collaborate with the members of the newly created USF Center for Cryptographic Research (https://www.usf-crypto.org/).

Additional details, and application link are available here: https://www.mathjobs.org/jobs/list/19124

Closing date for applications:

Contact: Jean-Francois Biasse or Giacomo Micheli (see USF's webpage for contact information: http://math.usf.edu/)

More information: https://www.mathjobs.org/jobs/list/19124

University of Toronto, Department of Computer Science; Toronto, Canada
Job Posting
The Department of Computer Science at the University of Toronto is conducting three open-area searches for full-time tenure stream positions. The appointment will be at the rank of Assistant Professor and will commence on July 1, 2022, or shortly thereafter. We start reviewing applications on December 6, 2021, and the closing date is January 10, 2022.

Closing date for applications:

Contact: Eitan Grinspun

More information: https://academicjobsonline.org/ajo/jobs/19687

Tako Boris Fouotsa, Christophe Petit
ePrint Report
In 2016, Galbraith et al. presented an adaptive attack on the SIDH key exchange protocol. In SIKE, one applies a variant of the Fujisaki-Okamoto transform to force Bob to reveal his encryption key to Alice, which Alice then uses to re-encrypt Bob's ciphertext and verify its validity. Therefore, Bob can not reuse his encryption keys. There have been two other proposed countermeasures enabling static-static private keys: k-SIDH and its variant by Jao and Urbanik. These countermeasures are relatively expensive since they consist in running multiple parallel instances of SIDH.

In this paper, firstly, we propose a new countermeasure to the GPST adaptive attack on SIDH. Our countermeasure does not require key disclosure as in SIKE, nor multiple parallel instances as in k-SIDH. We translate our countermeasure into a key validation method for SIDH-type schemes. Secondly, we use our key validation to design HealSIDH, an efficient SIDH-type static-static key interactive exchange protocol. Thirdly, we derive a PKE scheme SHealS using HealSIDH. SHealS uses larger primes compared to SIKE, has larger keys and ciphertexts, but only $4$ isogenies are computed in a full execution of the scheme, as opposed to $5$ isogenies in SIKE. We prove that SHealS is IND-CPA secure relying on a new assumption we introduce and we conjecture its IND-CCA security. We suggest HealS, a variant of SHealS using a smaller prime, providing smaller keys and ciphertexts.

As a result, HealSIDH is a practically efficient SIDH based (interactive) key exchange incorporating a "direct" countermeasure to the GPST adaptive attack.

Vladimir Sedlacek, Jesús-Javier Chi-Domínguez, Jan Jancar, Billy Bob Brumley
ePrint Report
The Refined Power Analysis, Zero-Value Point, and Exceptional Procedure attacks introduced side-channel techniques against specific cases of elliptic curve cryptography. The three attacks recover bits of a static ECDH key adaptively, collecting information on whether a certain multiple of the input point was computed. We unify and generalize these attacks in a common framework, and solve the corresponding problem for a broader class of inputs. We also introduce a version of the attack against windowed scalar multiplication methods, recovering the full scalar instead of just a part of it. Finally, we systematically analyze elliptic curve point addition formulas from the Explicit-Formulas Database, classify all non-trivial exceptional points, and find them in new formulas. These results indicate the usefulness of our tooling, which we released publicly, for unrolling formulas and finding special points, and potentially for independent future work.

Claudio Orlandi, Divya Ravi, Peter Scholl
ePrint Report
At ICALP 2018, Boyle et al. introduced the notion of the bottleneck complexity of a secure multi-party computation (MPC) protocol. This measures the maximum communication complexity of any one party in the protocol, aiming to improve load-balancing among the parties.

In this work, we study the bottleneck complexity of MPC in the preprocessing model, where parties are given correlated randomness ahead of time. We present two constructions of bottleneck-efficient MPC protocols, whose bottleneck complexity is independent of the number of parties:

1. A protocol for computing abelian programs, based only on one-way functions.
2. A protocol for selection functions, based on any linearly homomorphic encryption scheme.

Compared with previous bottleneck-efficient constructions, our protocols can be based on a wider range of assumptions, and avoid the use of fully homomorphic encryption.

Lei Xu, Huayi Duan, Anxin Zhou, Xingliang Yuan, Cong Wang
ePrint Report
Searchable symmetric encryption (SSE) enables users to make confidential queries over always encrypted data while confining information disclosure to pre-defined leakage profiles. Despite the well-understood performance and potentially broad applications of SSE, recent leakage-abuse attacks (LAAs) are questioning its real-world security implications. They show that a passive adversary with certain prior information of a database can recover queries by exploiting the legitimately admitted leakage. While several countermeasures have been proposed, they are insufficient for either security, i.e., handling only specific leakage like query volume, or efficiency, i.e., incurring large storage and bandwidth overhead.

We aim to fill this gap by advancing the understanding of LAAs from a fundamental algebraic perspective. Our investigation starts by revealing that the index matrices of a plaintext database and its encrypted image can be linked by linear transformation. The invariant characteristics preserved under the transformation encompass and surpass the information exploited by previous LAAs. They allow one to unambiguously link encrypted queries with corresponding keywords, even with only partial knowledge of the database. Accordingly, we devise a new powerful attack and conduct a series of experiments to show its effectiveness. In response, we propose a new security notion to thwart LAAs in general, inspired by the principle of local differential privacy (LDP). Under the notion, we further develop a practical countermeasure with tunable privacy and efficiency guarantee. Experiment results on representative real-world datasets show that our countermeasure can reduce the query recovery rate of LAAs, including our own.