International Association for Cryptologic Research


IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available:

via RSS feed
via Twitter
via Weibo
via Facebook

31 March 2022

Taipei, Taiwan, 29 August - 2 September 2022
Event Calendar
Event date: 29 August to 2 September 2022
Submission deadline: 3 May 2022
Notification: 10 June 2022
Taipei, Taiwan, 5 December - 9 December 2022
Asiacrypt
Event date: 5 December to 9 December 2022
Submission deadline: 27 May 2022
Notification: 25 August 2022
University of Tübingen, Department of Computer Science; Tübingen, Germany
Job Posting
The Medical Data Privacy and Privacy-Preserving ML on Healthcare Data (MDPPML) group at the University of Tübingen is looking for motivated Ph.D. students in the area of Privacy Enhancing Technologies.

Research Topics: Development and analysis of cryptography-based privacy-preserving solutions for real-world healthcare problems. Topics of interest include (but are not limited to): privacy-preserving machine learning, data privacy as well as foundations for real-world cryptography.

Your profile:
  • Completed Master's degree (or equivalent) at a top university with excellent grades in computer science, or a similar area.
  • Knowledge in applied cryptography/security and machine learning.
  • Very good software development skills.
  • Self-motivated, reliable, creative, able to work independently, and wanting to do excellent research.
The positions are available immediately with an internationally competitive salary (salary level 13 TV-L).

Closing date for applications:

Contact: Dr. Mete Akgün (mete.akguen@uni-tuebingen.de)

Eindhoven University of Technology, Department of Mathematics and Computer Science
Job Posting
Quantum Delta Netherlands has started a large national project in support of quantum technologies. The Catalyst-2 (CAT2) subproject concentrates on the development of quantum key distribution and "Quantum Internet" applications.
The department of Mathematics and Computer Science at TU Eindhoven has a postdoc vacancy for theoretical work in CAT2. The research will concentrate on
  • theory related to the Quantum Key Distribution testbed under development in Eindhoven;
  • quantum cryptography beyond QKD, e.g. key recycling, unclonable encryption, unclonable credentials, quantum PUFs etc.
The project has good opportunities for collaboration with other departments at TU Eindhoven and with other Dutch universities.

Job requirements: We are looking for candidates with a PhD in cryptography, theoretical physics, or mathematics, and preferably a background in quantum cryptography or post-quantum cryptography.

Closing date for applications:

Contact: Boris Skoric

More information: https://jobs.tue.nl/en/vacancy/postdoc-cat2-quantum-protocols-910938.html

Technology Innovation Institute (TII) - Abu Dhabi, UAE
Job Posting

Technology Innovation Institute (TII) is a recently-established publicly-funded research institute in Abu Dhabi (UAE). It is home to a diverse community of leading scientists and engineers from across the globe.

Job Description

We are looking for permanent researchers to join the Cryptographic Protocols team within the Cryptography Research Center (CRC) at TII. The main aim of the team is to conduct applied academic research in areas relating to cryptographic protocols, such as: TLS, QUIC, Tor, Key Exchange, Secure Channels, Cryptographic Primitives, Privacy Enhancing Technologies, MLS and Secure Messaging, Probabilistic Data Structures in Adversarial Environments, and Blockchain-Related Technologies. The nature of the research spans both theory and practice, covering aspects such as provable security, security models, efficient designs, implementation aspects, and attacks.

Applicants should have completed (or be close to completing) their PhD in a related area and preferably have postdoctoral research experience. Preference will be given to applicants with publications in top-tier venues such as CRYPTO, EUROCRYPT, ASIACRYPT, ACM CCS, IEEE S&P, and USENIX.

Required Skills:
  • Fluency in English (verbal and written) and an ability to communicate research effectively.
  • Good problem-solving skills and an ability to conduct research independently.
  • Good interpersonal and collaborative skills.
  • Solid knowledge in cryptography.
Valuable Skills:
  • Strong background in Mathematics and/or Computer Science.
  • Programming, Software Engineering, experience in implementing cryptographic primitives and attacks on real-world cryptosystems, reverse engineering of closed-source protocols.
  • Experience in analyzing protocol standards and specifications.
What we offer:
  • Vibrant working environment, flexible working conditions, and travel funding.
  • Industry-competitive tax-free salary.
  • Family-wide health insurance and children’s education allowance.
  • Sunshine all year round.

Closing date for applications:

Contact:

  • Contact Jean Paul Degabriele (jeanpaul.degabriele@tii.ae) for information relating to research and work environment.
  • To apply send your CV to Mehdi Messaoudi (mehdi.messaoudi@tii.ae) - Talent Acquisition Manager.

More information: https://www.tii.ae/cryptography


29 March 2022

University of Bern, Switzerland
Job Posting

A Ph.D. position is available in the Cryptology and Data Security research group at the Institute of Computer Science, University of Bern, led by Christian Cachin.

https://crypto.unibe.ch/

Our research addresses all aspects of security in distributed systems, especially cryptographic protocols, consistency, consensus, and cloud-computing security. We are particularly interested in blockchains, distributed ledger technology, cryptocurrencies, and their security and economics.

Candidates should have a strong background in computer science. They should like conceptual, rigorous thinking for working theoretically, or be interested in building innovative systems for working practically. Demonstrated expertise in cryptography, distributed computing, or blockchain technology is a plus. Applicants must hold a master's degree in the relevant research fields.

Positions are available starting immediately and come with a competitive salary. The selection process runs until suitable candidates have been found. The University of Bern conducts excellent research and lives up to its vision that “Knowledge generates value”. The city of Bern lies in the center of Switzerland and offers some of the highest quality of life worldwide.

If you are interested, please apply by sending an email with one single PDF file and the subject line set to "Application for Ph.D.", addressed directly to Prof. Christian Cachin at crypto (at) inf.unibe.ch.

Since we receive many applications, we encourage you to include material that demonstrates your interests and strengths and sets you apart from others.

Closing date for applications:

Contact: Christian Cachin (https://crypto.unibe.ch/cc/)

More information: https://crypto.unibe.ch/jobs/

Cryspen
Job Posting
Cryspen is looking for a cryptography engineer to help maintain and build high assurance cryptographic software.

You will start out maintaining and extending the Cryspen HACL packages, a portable crypto library in C with Rust, OCaml, and JavaScript bindings, which is built on top of the HACL* verified cryptography from Inria and Microsoft Research. Later you will be primarily implementing new cryptographic primitives and protocols in Rust, ranging from secure multi-party computation to post-quantum cryptography.

Writing and maintaining cryptography is a delicate task that requires attention to detail and the utmost care; Cryspen's formally verified cryptography even more so. As an ideal candidate you are therefore able to handle highly sensitive and highly detailed tasks.

If you have experience with open source projects, that’s great but not necessary.

We expect that you understand the basics of all involved technologies and concepts. However, we especially invite you to apply if you are an early career professional or a recent graduate.

Closing date for applications:

Contact: job-application@cryspen.com

More information: https://docs.google.com/document/d/1WWplyJxIBXEEEyUZp5TFzuRYE5Vmn308NUIwe65oerE

University of St. Gallen, Switzerland
Job Posting
We are looking for a bright and motivated PhD student to work in the topics of information security and applied cryptography. The student is expected to work on topics that include security and privacy issues in authentication and delegation of computations. More precisely, the student will be working on investigating efficient and privacy-preserving authentication that provides: i) provable security, and ii) rigorous privacy guarantees.
Key Responsibilities:
  • Perform exciting and challenging research in the domain of information security and cryptography.
  • Support and assist in teaching computer security and cryptography courses.
Your profile:
  • The PhD student is expected to have a MSc degree or equivalent, and strong background in cryptography, network security and mathematics;
  • Experience in one or more domains such as cryptography, design of protocols, secure multi-party computation and differential privacy is beneficial;
  • Excellent programming skills;
  • Excellent written and verbal communication skills in English.
Deadline: 31 March 2022

Closing date for applications:

Contact: Prof. Katerina Mitrokotsa

More information: https://jobs.unisg.ch/offene-stellen/funded-phd-student-in-applied-cryptography-privacy-preserving-biometric-authentication-m-w-d/f37432ea-597b-458f-a150-35b270e56b56

University of St. Gallen, Switzerland
Job Posting
We are looking for an experienced and motivated cryptography engineer to support the cybersecurity group at the School of Computer Science at the University of St. Gallen. More precisely, we are looking for a cryptography engineer who will be responsible for:
  • Development and implementation of concepts and research results, both individually and in collaboration with researchers and PhD students,
  • Running experiments and simulating realistic conditions to test the performance of developed algorithms and protocols,
  • Development, maintenance and organization of software
Your profile:
  • The successful applicant is expected to hold or to be about to receive an M.Sc. degree in Computer Science, Electrical Engineering, Applied Mathematics or similar fields, preferably with a focus on Security and Privacy for Computer Science Systems.
  • We are looking for a strongly motivated and self-driven person who is able to work and learn new things independently.
  • Good command of English is required.
  • You should have a good academic track record and well developed analytical and problem solving skills.
  • Excellent programming skills and familiarity with cryptographic libraries.
  • Previous experience in implementation projects with C++, Matlab/Simulink, Python is desired.
Deadline: 31 March 2022

Closing date for applications:

Contact: Prof. Katerina Mitrokotsa

More information: https://jobs.unisg.ch/offene-stellen/cryptography-engineer-m-w-d/4b359260-67ae-42af-a931-4cb7d9bcce9d


28 March 2022

Cas Cremers, Caroline Fontaine, Charlie Jacomme
ePrint Report
We provide the first mechanized post-quantum sound security protocol proofs. We achieve this by developing PQ-BC, a computational first-order logic that is sound with respect to quantum attackers, and corresponding mechanization support in the form of the PQ-Squirrel prover. Our work builds on the classical BC logic [Bana, Comon, CCS14] and its mechanization in the Squirrel prover [BDJKM, S&P21]. Our development of PQ-BC requires making the BC logic sound for a single interactive quantum attacker. We implement the PQ-Squirrel prover by modifying Squirrel, relying on the soundness results of PQ-BC and enforcing a set of syntactic conditions; additionally, we provide new tactics for the logic that extend the tool’s scope. Using PQ-Squirrel, we perform several case studies, thereby giving the first mechanical proofs of their computational post-quantum security. These include two generic constructions of KEM based key exchange, two sub-protocols from IKEv1 and IKEv2, and a proposed post-quantum variant of Signal’s X3DH protocol. Additionally, we use PQ-Squirrel to prove that several classical Squirrel case-studies are already post-quantum sound. We provide the sources of PQ-Squirrel and all our models for reproducibility, as well as a long version of this paper with full details.
Yael Tauman Kalai, Alex Lombardi, Vinod Vaikuntanathan, Lisa Yang
ePrint Report
We show a general method of compiling any $k$-prover non-local game into a single-prover interactive game maintaining the same (quantum) completeness and (classical) soundness guarantees (up to negligible additive factors in a security parameter). Our compiler uses any quantum homomorphic encryption scheme (Mahadev, FOCS 2018; Brakerski, CRYPTO 2018) satisfying a natural form of correctness with respect to auxiliary (quantum) input. The homomorphic encryption scheme is used as a cryptographic mechanism to simulate the effect of spatial separation, and is required to evaluate $k-1$ prover strategies (out of $k$) on encrypted queries.

In conjunction with the rich literature on (entangled) multi-prover non-local games starting from the celebrated CHSH game (Clauser, Horne, Shimonyi and Holt, Physical Review Letters 1969), our compiler gives a broad framework for constructing mechanisms to classically verify quantum advantage.
Fukang Liu, Santanu Sarkar, Willi Meier, Takanori Isobe
ePrint Report
At ASIACRYPT 2021, Liu et al. pointed out a weakness of the Rasta-like ciphers neglected by the designers. The main strategy is to construct exploitable equations of the $n$-bit $\chi$ operation denoted by $\chi_n$. However, these equations are all obtained by first studying $\chi_n$ for small $n$. In this note, we demonstrate that if the explicit formula of the inverse of $\chi_n$ denoted by $\chi_n^{-1}$ is known, all these exploitable equations would have been quite obvious and the weakness of the Rasta-like ciphers could have been avoided at the design phase. However, the explicit formula of $\chi_n^{-1}$ seems to be not well-known and the most relevant work was published by Biryukov et al. at ASIACRYPT 2014. In this work, we give a very simple formula of $\chi_n^{-1}$ that can be written down in only one line and we prove its correctness in a rigorous way. Based on its formula, the formula of exploitable equations for Rasta-like ciphers can be easily derived and therefore more exploitable equations are found.
Christopher Cordi, Michael P. Frank, Kasimir Gabert, Carollan Helinski, Ryan C. Kao, Vladimir Kolesnikov, Abrahim Ladha, Nicholas Pattengale
ePrint Report
Simple but mission-critical internet-based applications that require extremely high reliability, availability, and verifiability (e.g., auditability) could benefit from running on robust public programmable blockchain platforms such as Ethereum. Unfortunately, program code running on such blockchains is normally publicly viewable, rendering these platforms unsuitable for applications requiring strict privacy of application code, data, and results. In this work, we investigate using MPC techniques to protect the privacy of a blockchain computation. While our main goal is to hide both the data and the computed function itself, we also consider the standard MPC setting where the function is public. We describe GABLE (Garbled Autonomous Bots Leveraging Ethereum), a blockchain MPC architecture and system. The GABLE architecture specifies the roles and capabilities of the players. GABLE includes two approaches for implementing MPC over blockchain: Garbled Circuits (GC), evaluating universal circuits, and Garbled Finite State Automata (GFSA). We formally model and prove the security of GABLE implemented over garbling schemes, a popular abstraction of GC and GFSA from (Bellare et al, CCS 2012). We analyze in detail the performance (including Ethereum gas costs) of both approaches and discuss the trade-offs. We implement a simple prototype of GABLE and report on the implementation issues and experience.
Daniel Gardham, Mark Manulis
ePrint Report
Attribute-based Signatures (ABS) allow users to obtain attributes from issuing authorities, and sign messages whilst simultaneously proving compliance of their attributes with a verification policy. ABS demands that both the signer and the set of attributes used to satisfy a policy remain hidden to the verifier. Hierarchical ABS (HABS) supporting roots of trust and delegation were recently proposed to alleviate scalability issues in centralised ABS schemes.

An important yet challenging property for privacy-preserving ABS is revocation, which may be applied to signers or some of the attributes they possess. Existing ABS schemes lack efficient revocation of either signers or their attributes, relying on generic costly proofs. Moreover, in HABS there is a further need to support revocation of authorities on the delegation paths, which is not provided by existing HABS constructions.

This paper proposes a direct HABS scheme with a Verifier-Local Revocation (VLR) property. We extend the original HABS security model to address revocation and develop a new attribute delegation technique with appropriate VLR mechanism for HABS, which also implies the first ABS scheme to support VLR. Moreover, our scheme supports inner-product signing policies, offering a wider class of attribute relations than previous HABS schemes, and is the first to be based on lattices, which are thought to offer post-quantum security.
Fanliang Hu, Huanyu Wang, Junnian Wang
ePrint Report
Side Channel Attacks (SCAs), an attack that exploits the physical information generated when an encryption algorithm is executed on a device to recover the key, have become one of the key threats to the security of encrypted devices. Recently, with the development of deep learning, deep learning techniques have been applied to side channel attacks with good results on publicly available dataset experiences. In this paper, we propose a power tracking decomposition method that divides the original power tracking into two parts, where the data-influenced part is defined as data power tracking and the other part is defined as device constant power tracking, and use the data power tracking for training the network model, which has more obvious advantages than using the original power tracking for training the network model. To verify the effectiveness of the approach, we evaluated the ATxmega128D4 microcontroller by capturing the power traces generated when implementing AES-128. Experimental results show that network models trained using data power traces outperform network models trained using raw power traces in terms of classification accuracy, training time, cross-subkey recovery key and cross-device recovery key.
Likang Lu, Jianzhu Lu
ePrint Report
Verifiable secret sharing (VSS) is a fundamental tool of cryptography and distributed computing in the Internet of Things (IoT). Since network bandwidth is a scarce resource, minimizing the number of verification data will improve the performance of VSS. Existing VSS schemes, however, face limitations in meeting the number of verification data and energy consumptions for low-end devices, which make their adoption challenging in resource-limited IoTs. To address the above limitations, we propose a VSS scheme according to Nyberg’s one-way accumulator for one-way hash functions (NAHFs). The proposed scheme has two distinguished features: first, the security of the scheme is based on NAHFs whose computational requirements are the basic criteria for known IoT devices and, second, upon receiving only one verification data, participants can verify the correctness of both their shares and the secret without any communication. Experimental results demonstrate that, compared to the Feldman scheme and the Rajabi-Eslami scheme, the energy consumption of a participant in the proposed scheme is respectively reduced by at least 24% and 83% for a secret.
Kimia Zamiri Azar, Muhammad Monir Hossain, Arash Vafaei, Hasan Al Shaikh, Nurun N. Mondol, Fahim Rahman, Mark Tehranipoor, Farimah Farahmandi
ePrint Report
The ever-increasing usage and application of system-on-chips (SoCs) has resulted in the tremendous modernization of these architectures. For a modern SoC design, with the inclusion of numerous complex and heterogeneous intellectual properties (IPs), and its privacy-preserving declaration, there exists a wide variety of highly sensitive assets. These assets must be protected from any unauthorized access and against a diverse set of attacks. Attacks for obtaining such assets could be accomplished through different sources, including malicious IPs, malicious or vulnerable firmware/software, unreliable and insecure interconnection and communication protocols, and side-channel vulnerabilities through power/performance profiles. Any unauthorized access to such highly sensitive assets may result in either a breach of company secrets for original equipment manufacturers (OEMs) or identity theft for the end-user. Unlike the enormous advances in functional testing and verification of the SoC architecture, security verification is still on the rise, and little endeavor has been carried out by academia and industry. Unfortunately, there exists a huge gap between the modernization of the SoC architectures and their security verification approaches. With the lack of automated SoC security verification in modern electronic design automation (EDA) tools, we provide a comprehensive overview of the requirements that must be realized as the fundamentals of the SoC security verification process in this paper. By reviewing these requirements, including the creation of a unified language for SoC security verification, the definition of security policies, formulation of the security verification, etc., we put forward a realization of the utilization of self-refinement techniques, such as fuzz, penetration, and AI testing, for security verification purposes. We evaluate all the challenges and resolution possibilities, and we provide the potential approaches for the realization of SoC security verification via these self-refinement techniques.
Yashvanth Kondi, abhi shelat
ePrint Report
The goal of this paper is to improve the efficiency and applicability of straightline extraction techniques in the random oracle model. Straightline extraction in the random oracle model refers to the existence of an extractor, which given the random oracle queries made by a prover $P^*(x)$ on some theorem $x$, is able to produce a witness $w$ for $x$ with roughly the same probability that $P^*$ produces a verifying proof. This notion applies to both zero-knowledge protocols and verifiable computation where the goal is compressing a proof.

Pass (CRYPTO '03) first showed how to achieve this property for NP using a cut-and-choose technique which incurred a $\lambda^2$-bit overhead in communication where $\lambda$ is a security parameter. Fischlin (CRYPTO '05) presented a more efficient technique based on "proofs of work" that sheds this $\lambda^2$ cost, but only applies to a limited class of Sigma Protocols with a "quasi-unique response" property, which for example, does not necessarily include the standard OR composition for Sigma protocols.

With Schnorr/EdDSA signature aggregation as a motivating application, we develop new techniques to improve the computation cost of straight-line extractable proofs. Our improvements to the state of the art range from 70X--200X for the best compression parameters. This is due to a uniquely suited polynomial evaluation algorithm, and the insight that a proof-of-work that relies on multicollisions and the birthday paradox is faster to solve than inverting a fixed target.

Our collision based proof-of-work more generally improves the Prover's random oracle query complexity when applied in the NIZK setting as well. In addition to reducing the query complexity of Fischlin's Prover, for a special class of Sigma protocols we can for the first time closely match a new lower bound we present.

Finally we extend Fischlin's technique so that it applies to a more general class of strongly-sound Sigma protocols, which includes the OR composition. We achieve this by carefully randomizing Fischlin's technique; we show that its current deterministic nature prevents its application to certain multi-witness languages.
Megumi Ando, Miranda Christ, Anna Lysyanskaya, Tal Malkin
ePrint Report
Onion routing is a popular approach towards anonymous communication. Practical implementations are widely used (for example, Tor has millions of users daily), but are vulnerable to various traffic correlation attacks, and the theoretical foundations, despite recent progress, still lag behind. In particular, all works that model onion routing protocols and prove their security only address a single run, where each party sends and receives a single message of fixed length, once. Moreover, they all assume a static network setting, where the parties are stable throughout the lifetime of the protocol. In contrast, real networks have a high rate of churn (nodes joining and exiting the network), real users want to send multiple messages, and realistic adversaries may observe multiple runs of the protocol.

In this paper, we initiate a formal treatment of onion routing in a setting with multiple runs over a dynamic network with churn. We provide the following contributions.

  • We define the cryptographic primitive of poly onion encryption, which is appropriate for a setting with churn. This primitive is inspired by duo onions, introduced by Iwanik, Klonowski, and Kutylowski (Communications and Multimedia Security, 2005) towards improving onion delivery rate. We generalize the idea, change it to add auxiliary helpers towards supporting better security, and propose formal definitions.
  • We construct an instantiation of poly onion encryption based on standard cryptographic primitives (CCA secure public key encryption with tags, PRP, MAC, and secret sharing). Our construction is secure against an active adversary, and is parameterized to allow flexible instantiations supporting a range of corruption thresholds and churn limits.
  • We formally model anonymous onion routing for multiple runs in the setting with churn, including a definition of strong anonymity, where the adversary has CCA-like access to oracles for generating and processing onions.
  • We prove that if an onion routing protocol satisfies a natural condition we define ("simulatability"), then strong single-run anonymity implies strong multiple-run anonymity. This condition is satisfied by existing onion routing schemes, such as the $\Pi_p$ protocol of Ando, Lysyanskaya, and Upfal (ICALP 2018). As a consequence, these schemes are anonymous also for multiple runs (although not when there is churn).
  • We provide an anonymous routing protocol, "Poly $\Pi_p$," and prove that it is anonymous in the setting with churn, against a passive adversary. We obtain this construction by using an instance of our poly onion encryption within the $\Pi_p$ protocol.
Lin You, Zhuobiao Wang, Gengran Hu, Chengtang Cao
ePrint Report
As a common consensus mechanism used in blockchain systems, DPoS uses voting to select committee members who will generate the corresponding blocks. In order to elect committee members as fairly as possible, the vague sets are introduced into the voting phase of DPoS. In the vague sets based model proposed by Xu et al., the voting nodes can vote for, oppose or abstain from it. In this paper, we improve this vague set based model by introducing a new mapping from the vague set to fuzzy set and considering the case that each voting node is assigned a weight. In addition, several nice properties of our improved model are proved and it makes the voting phase of DPoS more fair.