International Association for Cryptologic Research


IACR News



25 February 2022

QPQ
Job Posting
Do you have a Master/PhD, research or coding experience in the area of Applied Cryptology? Do you want to design, code and co-invent the next generation of Distributed Systems protocols?
At QPQ, we are building the Internet of Economics, a new approach to a compliant and regulated financial systems infrastructure. Join a team of mathematicians, computer scientists, engineers and self-taught individuals. We give you
- A stimulating, Socratic intellectual environment. As Socratic implies, we want you to have a voice. We do not recruit brilliant people to put them in boxes, we recruit brilliant people so they can push the horizons even further
- Hybrid office approach – we have been a distributed workforce from the start. This role is centred around our European axis, so we expect you to live within +/- 2 hours of CET. We get together a complete team every quarter, so you must be willing to travel and embrace being part of a diverse team drawn from many walks of life and cultures
- Competitive salary, travel expense budget and many opportunities to participate in the company’s growth
Responsibilities:
- Perform research and engineering on cryptographic protocols
- Working with a multi-faceted team of practitioners on a set of blockchain-based privacy protocols interacting with the DeFi space and providing compliance with financial regulations
Requirements:
- Master or Ph.D. in cryptography or a closely related field
- Be able to prototype protocols/schemes/algorithms in at least one relevant programming language
- Have a thorough approach and be committed to high quality output
- Be eager to learn new topics and tools, with a proactive, self-driven approach and a problem-solving mindset
- Good communication and collaboration skills
- Able to proactively identify which activities can benefit the project the most in the shortest period of time, communicate, and execute on their ideas without needing to be micromanaged
- Full-time availability with flexible working hours
- Nice to have: familiarity with blockchain and the DeFi space, and a general understanding of full-stack system architecture
- Nice to have knowledge of zk proof systems

Closing date for applications:

Contact: Apply as soon as possible with a CV, a video, or anything that will showcase your abilities. Person in contact: Emanuele Ragnoli (eragnoli@qpq.io)

QPQ
Job Posting
We are building the Internet of Economics, a new approach to a compliant and regulated financial systems infrastructure. Join a team of mathematicians, computer scientists, engineers and self-taught individuals. What do we give you?
• A stimulating, Socratic intellectual environment. As Socratic implies, we want you to have a voice. We do not recruit brilliant people to put them in boxes, we recruit brilliant people, so they can push the horizons even further
• Hybrid office approach. This role is centred around our European axis, so we expect you to live within +/- 2 hours of CET. We get together a complete team every quarter, so you must be willing to travel and embrace being part of a diverse team drawn from many walks of life and cultures
• Competitive salary, travel expense budget and many opportunities to participate in the company’s growth
Responsibilities:
- Perform research and engineering on cryptographic protocols
- Have a leading role in the cryptography team in defining and applying protocols
- Working with a multi-faceted team of practitioners on a set of blockchain-based privacy protocols interacting with the DeFi space and providing compliance with financial regulations
Requirements:
- Master or Ph.D./Multi-year working experience in cryptography or a closely related field
- Knowledge of modern cryptographic primitives
- Be able to prototype protocols/schemes/algorithms in at least one relevant programming language
- Be familiar with the blockchain and DeFi space
- General understanding of full-stack system architecture
- Have a thorough approach and be committed to high quality output. Have prior research/code already published in the space
- Excellent communication and collaboration skills
- Be eager to learn new topics and tools, with a proactive, self-driven approach and a problem-solving mindset
- Able to proactively identify which activities can benefit the project the most in the shortest period of time, communicate, and execute on their ideas without needing to be micromanaged
- Full-time availability with flexible working hours
- Nice to have knowledge of modern, efficient zk-proofs

Closing date for applications:

Contact: Apply as soon as possible with a CV, a video, or anything that will showcase your abilities. Person in contact: Emanuele Ragnoli (eragnoli@qpq.io)

University of Birmingham, UK
Job Posting

The University of Birmingham’s Centre for Cyber Security and Privacy is looking for a research fellow (postdoc) to work on our EPSRC-funded project "CAP-TEE: Capability Architectures in Trusted Execution".

In this project, we use capability architectures (as developed, for example, by the CHERI project) to protect trusted execution against state-of-the-art attacks. We address a wide range of threats, from software vulnerabilities such as buffer overflows to hardware attacks like fault injection and side-channel analysis. CAP-TEE provides a strong, open-source basis for the future generation of more secure TEEs.

Applicants should have a PhD, or be close to completing a PhD, in a relevant subject (security, crypto, electrical engineering, maths, etc.). We also consider non-PhD applicants with strong industry experience. We expect experience in writing system-level or low-level code in programming languages such as C, C++, or Rust. Skills in other relevant areas, e.g. FPGA development, side-channel attacks, or binary analysis/exploitation, are desirable.

Please contact David Oswald (d.f.oswald@bham.ac.uk) for informal enquiries. You can apply online until 25 March 2022: https://bham.taleo.net/careersection/external/jobdetail.ftl?job=2200004N&tz=GMT%2B00%3A00&tzname=Europe%2FLondon

Closing date for applications:

Contact: David Oswald
d.f.oswald@bham.ac.uk
https://www.cs.bham.ac.uk/~oswalddf/

More information: https://bham.taleo.net/careersection/external/jobdetail.ftl?job=2200004N&tz=GMT%2B00%3A00&tzname=Europe%2FLondon

Worldline
Job Posting
We are looking for an “R&D researcher Crypto & Privacy” to reinforce Worldline’s “Trust & Intelligence” Labs team. The Worldline Labs team provides cross-functional Research and Development activity for all business units on new IT technologies and their potential value for Worldline products and offers. The department ensures a first level of technology monitoring and collaborates with academic labs, industrial partners, start-ups and Worldline business lines on innovative projects at country or European level.
Your day-to-day responsibilities include:
• Select and refine privacy-preserving technologies (stay on top of the state of the art and experiment with them)
• Handle subjects such as privacy-preserving payment, identity, machine learning and data collaboration missions
• Actively support our innovation teams requiring cryptographic solutions
• Manage the biometrics in-shop, IoT decentralized identity and quantum-safe signatures topics
• Support our Web 3.0 | DLT research with its strong cryptographic foundations
• Contribute to privacy-preserving DLT, anonymous auctions and SSID
• Present the value of the technologies you explore to internal and external audiences
Skills we can’t do without:
• Graduate degree in engineering or Master background in cryptography, mathematics or IT fields
• Confirmed experience (3-4 years) in cryptography or privacy preservation (applied or research oriented); blockchain is a plus
• Proficiency in English is required; French knowledge is a plus
• You are known for your autonomous, ambitious, analytical, business-minded and inventive approach
• Able to integrate into a diverse team of researchers, engineers and innovators
• Outstanding interpersonal skills; provide support to and collaborate with product and customer teams
Several locations possible: Paris, Seclin, Blois, Tours, Lyon, Brussels (BE)

Closing date for applications:

Contact: Bianka Kozma

More information: https://performancemanager.successfactors.eu/sf/jobreqpvt?jobId=238453&company=Worldline&st=C933D80914D042FC427C16CDE1126B7032792DE8


22 February 2022

Abu Dhabi, United Arab Emirates, 13 November - 16 November 2022
Event Calendar
Event date: 13 November to 16 November 2022
Jonathan Katz, Cong Zhang, Hong-Sheng Zhou
ePrint Report
The algebraic group model (AGM), proposed by Fuchsbauer, Kiltz and Loss (CRYPTO 2018), has received huge attention. One of the most appealing properties of the AGM is that the hardness of security games in the generic group model (GGM) can be transferred via a generic reduction in the AGM. More concretely, for any two security games, G and H, if there exists a generic reduction from H to G in the AGM, and H is hard in the GGM, then G is also hard in the GGM.

In this work, we analyze the relationship between the AGM and Shoup’s GGM (Eurocrypt 1997) and give evidence that:

• hardness of security games in Shoup’s GGM cannot be transferred via a generic reduction in the AGM;

• the AGM and Shoup’s GGM are incomparable.
ZiXi Hee, Iftekhar Salam
ePrint Report
In the wake of the Covid-19 pandemic, countries and organizations started looking towards technology to curb the spread of the disease, for instance, conducting contact tracing with smartphones. Many contact tracing applications are on the market, built on different technology, such as Bluetooth, GPS, sound, and QR code scanning systems. The use of sound is an area that has potential for further exploration; currently, only NOVID is utilizing this technology. On top of that, there is a need for a decentralized backend solution that is both public and auditable to address data manipulation concerns. One of the possible solutions is using a blockchain as the backend for the system. We propose a blockchain-based contact tracing solution that uses sound and Bluetooth to detect proximity. Our proposed solution uses blockchain as the backend of the system for decentralized storage of contact tracing data. In the proposed system, close contact is established if both Bluetooth and sound are detected between the communicating devices. The practicality of the proposed scheme is assessed by a performance evaluation of the proximity detection system and a proof-of-concept of the blockchain backend. The results show that the sound-amplitude based distance measurement can estimate whether an encounter is a close contact (within 3 meters) using a ‘threshold’ of the amplitude. The use of sound amplitude eliminates situations where the usage of only Bluetooth would show false positives. To the best of our knowledge, the proposed approach is the first work that integrates blockchain, Bluetooth and sound amplitude for proximity detection. Overall, the system shows more promising results in distance estimation than if only a Bluetooth implementation is used.

21 February 2022

Alon Shakevsky, Eyal Ronen, Avishai Wool
ePrint Report
ARM-based Android smartphones rely on the TrustZone hardware support for a Trusted Execution Environment (TEE) to implement security-sensitive functions. The TEE runs a separate, isolated, TrustZone Operating System (TZOS), in parallel to Android. The implementation of the cryptographic functions within the TZOS is left to the device vendors, who create proprietary undocumented designs.

In this work, we expose the cryptographic design and implementation of Android's Hardware-Backed Keystore in Samsung's Galaxy S8, S9, S10, S20, and S21 flagship devices. We reverse-engineered and provide a detailed description of the cryptographic design and code structure, and we unveil severe design flaws. We present an IV reuse attack on AES-GCM that allows an attacker to extract hardware-protected key material, and a downgrade attack that makes even the latest Samsung devices vulnerable to the IV reuse attack. We demonstrate working key extraction attacks on the latest devices. We also show the implications of our attacks on two higher-level cryptographic protocols between the TrustZone and a remote server: we demonstrate a working FIDO2 WebAuthn login bypass and a compromise of Google’s Secure Key Import.

We discuss multiple flaws in the design flow of TrustZone based protocols. Although our specific attacks only apply to the $\approx$100 million devices made by Samsung, they raise the much more general requirement for open and proven standards for critical cryptographic and security designs.
Wien, Österreich, 23 August - 26 August 2022
Event Calendar
Event date: 23 August to 26 August 2022
Submission deadline: 20 April 2022
Notification: 8 June 2022
Abu Dhabi, United Arab Emirates, 13 February - 16 February 2022
Event Calendar
Event date: 13 February to 16 February 2022
Submission deadline: 21 February 2022
Kansas City, USA, 17 October - 19 October 2022
Event Calendar
Event date: 17 October to 19 October 2022
Submission deadline: 3 April 2022
Notification: 19 June 2022
Aarhus, Denmark, 7 June - 10 June 2022
Event Calendar
Event date: 7 June to 10 June 2022
Submission deadline: 26 March 2022
Notification: 23 April 2022
Trondheim, Norway, 29 May - 30 May 2022
Event Calendar
Event date: 29 May to 30 May 2022
Submission deadline: 15 March 2022
Notification: 7 April 2022
Luxembourg Institute of Science and Technology
Job Posting
The Luxembourg Institute of Science and Technology (LIST) is a Research and Technology Organization (RTO) active in the fields of materials, environment and IT. By transforming scientific knowledge into technologies, smart data and tools, LIST empowers citizens in their choices, public authorities in their decisions and businesses in their strategies.

For its recent H2020 project PRECINCT (Cyber-physical security management for critical infrastructures), a research engineer vacancy is immediately available in the TRUST research group at LIST. The duty of this vacancy is mainly to implement a Digital Twins solution in the context of interdependent critical systems (telecommunications and energy).

Closing date for applications:

Contact: Dr. Qiang Tang (qiang.tang@list.lu)

More information: https://app.skeeled.com/offer/62024729a7d5b0db47a87221?language=en&show_description=true


20 February 2022

Zhicong Huang, Wen-jie Lu, Cheng Hong, Jiansheng Ding
ePrint Report
Secure two-party neural network inference (2PC-NN) can offer privacy protection for both the client and the server and is a promising technique in the machine-learning-as-a-service setting. However, the large overhead of the current 2PC-NN inference systems is still a headache, especially when applied to deep neural networks such as ResNet50. In this work, we present Cheetah, a new 2PC-NN inference system that is faster and more communication-efficient than the state of the art. The main contributions of Cheetah are two-fold: the first part includes carefully designed homomorphic encryption-based protocols that can evaluate the linear layers (namely convolution, batch normalization, and fully-connection) without any expensive rotation operation. The second part includes several lean and communication-efficient primitives for the non-linear functions (e.g., ReLU and truncation). Using Cheetah, we present intensive benchmarks over several large-scale deep neural networks. Taking ResNet50 as an example, an end-to-end execution of Cheetah under a WAN setting costs less than 2.5 minutes and 2.3 gigabytes of communication, which outperforms CrypTFlow2 (ACM CCS 2020) by about 5.6× and 12.9×, respectively.
Ning Luo, Timos Antonopoulos, William Harris, Ruzica Piskac, Eran Tromer, Xiao Wang
ePrint Report
Zero-knowledge (ZK) protocols enable one party to prove to others that it knows a fact without revealing any information about the evidence for such knowledge. There exist ZK protocols for all problems in NP, and recent works developed highly efficient protocols for proving knowledge of satisfying assignments to Boolean formulas, circuits and other NP formalisms. This work shows an efficient protocol for the converse: proving formula *unsatisfiability* in ZK (when the prover possesses a non-ZK proof). An immediate practical application is efficiently proving safety of secret programs.

The key insight is to prove, in ZK, the validity of *resolution proofs* of unsatisfiability. This is efficiently realized using an algebraic representation that exploits resolution proofs' structure to represent formula clauses as low-degree polynomials, combined with ZK random-access arguments. Only the proof's dimensions are revealed. We implemented our protocol and used it to prove unsatisfiability of formulas that encode combinatoric problems and program correctness conditions in standard verification benchmarks, including Linux kernel drivers and Intel cryptography modules. The results demonstrate both that our protocol has practical utility, and that its aggressive optimizations, based on non-trivial encodings, significantly improve practical performance.
Dipayan Das, Antoine Joux, Anand Kumar Narayanan
ePrint Report
Lattice and code based hard problems such as Learning With Errors (LWE) or syndrome decoding (SD) form cornerstones of post-quantum cryptography. However, signature schemes built on these assumptions remain rather complicated. Indeed, signature schemes from LWE problems are built on the Fiat-Shamir with abort paradigm with no apparent means for knowledge extraction. On the code side, signature schemes mainly stem from Stern's zero-knowledge identification scheme. However, because of its large soundness error of $2/3$, it is costly to turn into a signature scheme. The latest developments rely on complicated cut-and-choose and multiparty-in-the-head techniques. As a consequence, they apply the Fiat-Shamir transformation on protocols with at least 5 rounds, leading to additional complexity and degraded security parameters. In the present paper, we propose an alternative approach to build a simple zero-knowledge $\Sigma$-protocol with a small soundness error, based on the hardness of Ring-and-Noise assumptions, a general family of assumptions that encompasses both lattices and codes. With such a $\Sigma$-protocol at hand, signatures can directly be derived by invoking the standard Fiat-Shamir transform, without the need for aborts. The main novel tool that allows us to achieve this is the use of specifically tailored locality sensitive hash functions. We outline our schemes for general Ring-and-Noise assumptions and present them in detail for the ring of residues modulo Mersenne numbers endowed with the Hamming metric. This Mersenne setting is ideal to illustrate our schemes, since it is close in spirit to both lattice and code based assumptions.
Furkan Aydin, Emre Karabulut, Seetal Potluri, Erdem Alkim, Aydin Aysu
ePrint Report
This paper demonstrates the first side-channel attack on homomorphic encryption (HE), which allows computing on encrypted data. We reveal a power-based side-channel leakage of Microsoft SEAL prior to v3.6 that implements the Brakerski/Fan-Vercauteren (BFV) protocol. Our proposed attack targets the Gaussian sampling in SEAL’s encryption phase and can extract the entire message with a single power measurement. Our attack works by (1) identifying each coefficient index being sampled, (2) extracting the sign value of the coefficients from control-flow variations, (3) recovering the coefficients with a high probability from data-flow variations, and (4) using a Blockwise Korkine-Zolotarev (BKZ) algorithm to efficiently explore and estimate the remaining search space. Using real power measurements, the results on a RISC-V FPGA implementation of SEAL (v3.2) show that the proposed attack can reduce the plaintext encryption security level from $2^{128}$ to $2^{4.4}$. Therefore, as HE gears toward real-world applications, such attacks and related defenses should be considered.
Jean-Charles Faugère, Gilles Macario-Rat, Jacques Patarin, Ludovic Perret
ePrint Report
We present here the analysis of a new perturbation that seems to strengthen significantly the security of some families of multivariate schemes. Thanks to this new perturbation, we are indeed able to obtain efficient signature and encryption public key schemes, in particular when combining this perturbation with the well-known trapdoors HFE and UOV. We present here the best attacks that we know against these variant schemes and we give practical examples of parameters for current security standards.
Abdelrahaman Aly, Kashif Nawaz, Eugenio Salazar, Victor Sucasas
ePrint Report
Comparisons are a basic component of the commonly used ReLU functions, ever more present in Machine Learning and specifically in Neural Networks. Motivated by the increasing interest in privacy-preserving Artificial Intelligence, we explore the current state of the art of MPC protocols for privacy-preserving comparisons. We then introduce constant-round variations of these protocols, which are compatible with commonly used fixed-point arithmetic MPC protocols, and geared towards realistic ReLU implementations. Furthermore, we provide novel constructions, inspired by other commonly used comparisons, and incorporate state-of-the-art elements. Additionally, we translate these results into practice, using state-of-the-art MPC tools and providing an open source implementation. Finally, we provide extensive benchmarking of the described protocols in various adversarial settings, and offer conclusions about their viability when adopted for privacy-preserving Machine Learning.