International Association for Cryptologic Research

IACR News
14 June 2022

Marius A. Aardal, Diego F. Aranha
ePrint Report
We revisit and improve performance of arithmetic in the binary GLS254 curve by introducing the 2D-GLS scalar multiplication algorithm. The algorithm includes theoretical and practice-oriented contributions of potential independent interest: (i) for the first time, a proof that the GLS scalar multiplication algorithm does not incur exceptions, such that faster incomplete formulas can be used; (ii) faster dedicated atomic formulas that alleviate the cost of precomputation; (iii) a table compression technique that reduces the storage needed for precomputed points; (iv) a refined constant-time scalar decomposition algorithm that is more robust to rounding. We also present the first GLS254 implementation for Armv8. With our contributions, we set new speed records for constant-time scalar multiplication by $6\%$ and $34.5\%$ on respectively 64-bit Intel and Arm platforms.
Qun Liu, Weijia Wang, Ling Sun, Yanhong Fan, Lixuan Wu, Meiqin Wang
ePrint Report
Lightweight cryptography enables cryptographic applications on devices with limited resources. Low-area implementations of linear layers usually play an essential role in lightweight cryptography. Previous works have provided plenty of methods to generate low-area implementations using 2-input XOR gates for various linear layers. However, it is still challenging to search for smaller implementations using XOR gates with more than two inputs. This paper, inspired by Banik et al., proposes a novel approach to construct a number of lower-area implementations with (n+1)-input gates based on given implementations with n-input gates. Based on the novel algorithm, we present the corresponding search algorithms for n=2 and n=3, which means that we can efficiently convert an implementation with 2-input XOR gates and 3-input XOR gates to lower-area implementations with 3-input XOR gates and 4-input XOR gates, respectively.

We improve the previous implementations of linear layers for many block ciphers according to the area with these search algorithms. For example, we achieve a better implementation with 4-input xor gates for AES MixColumns, which only requires 243 GE in the STM 130 nm library, while the previous public result is 258.9 GE. Besides, we obtain better implementations for all 5500 lightweight matrices proposed by Li et al. at FSE 2019, and the area for them is decreased by about 21% on average.
Gennaro Avitabile, Vincenzo Botta, Daniele Friolo, Ivan Visconti
ePrint Report
Recently, there has been great interest towards constructing efficient zero-knowledge proofs for practical languages. In this work, we focus on proofs for threshold relations, in which the prover is required to prove knowledge of witnesses for $k$ out of $\ell$ statements.

The main contribution of our work is an efficient and modular transformation that, starting from a large class of $\Sigma$-protocols and a corresponding threshold relation $\mathcal{R}_\mathsf{k,\ell}$, provides an efficient $\Sigma$-protocol for $\mathcal{R}_\mathsf{k,\ell}$ with improved communication complexity w.r.t. prior results. Moreover, our transformation preserves statistical/perfect honest-verifier zero knowledge.
Hosein Hadipour, Marcel Nageler, Maria Eichlseder
ePrint Report
Automatic tools to search for boomerang distinguishers have seen significant advances over the past few years. However, most of the previous works in this context focus on ciphers based on a Substitution Permutation Network (SPN), while analyzing the Feistel structure is of great significance. Although Boukerrou et al. very recently provided a theoretical framework to formulate the boomerang switch over multiple Feistel rounds, they did not provide an automatic tool to search for boomerang distinguishers of Feistel structures taking the switching effect into account. In this paper, by enhancing the recently proposed method to search for boomerang distinguishers by Hadipour et al., we provide an automatic tool to search for boomerang distinguishers and apply it to block ciphers following the Generalized Feistel Structure (GFS). Applying our tool to a wide range of GFS ciphers, we show that it yields a significant improvement compared to the best previous results concerning boomerang analysis. In particular, we improve the best previous boomerang distinguishers for 20 and 21 rounds of WARP by a factor of $2^{38.28}$ and $2^{36.56}$, respectively. Thanks to the effectiveness of our method, we even improve the boomerang distinguishers of WARP by two rounds and distinguish 23 rounds of this cipher from a random permutation. Applying our method to the internationally standardized cipher CLEFIA, we achieve a 9-round boomerang distinguisher which improves the best previous boomerang distinguisher by one round. Furthermore, based on this distinguisher, we build a key-recovery attack on 11 rounds of CLEFIA, which improves the best previous sandwich attack on this cipher by one round. We also apply our method to LBlock, LBlock-s, and TWINE and improve the best previous boomerang distinguishers of these ciphers.
Zhimei Sui, Joseph K. Liu, Jiangshan Yu, Xianrui Qin
ePrint Report
We propose MoNet, the first bi-directional payment channel network with unlimited lifetime for Monero. It is fully compatible with Monero without requiring any modification of the current Monero blockchain. MoNet preserves transaction fungibility, i.e., transactions over MoNet and Monero are indistinguishable, and guarantees anonymity of Monero and MoNet users by avoiding any potential privacy leakage introduced by the new payment channel network. We also propose a new crypto primitive, named Verifiable Consecutive One-way Function (VCOF). It allows one to generate a sequence of statement-witness pairs in a consecutive and verifiable way, and these statement-witness pairs are one-way, namely, it is easy to compute a statement-witness pair by knowing any of the pre-generated pairs, but hard in the opposite direction. By using VCOF, a signer can produce a series of consecutive adaptor signatures (CAS). We further propose the generic construction of consecutive adaptor signatures as an important building block of MoNet. We develop a proof-of-concept implementation for MoNet, and our evaluation shows that MoNet can reach the same transaction throughput as Lightning Network, the payment channel network for Bitcoin. Moreover, we provide a security analysis of MoNet under the Universally Composable (UC) security framework.
David Mestel, Johannes Mueller, Pascal Reisert
ePrint Report
Replay attacks are among the most well-known attacks against vote privacy. Many e-voting systems have been proven vulnerable to replay attacks, including systems like Helios that are used in real practical elections.

Despite their popularity, it is commonly believed that replay attacks are inefficient, but the actual threat that they pose to vote privacy has never been studied formally. Therefore, in this paper, we precisely analyze for the first time how efficient replay attacks really are.

We study this question from commonly used and complementary perspectives on vote privacy, showing as an independent contribution that a simple extension of a popular game-based privacy definition corresponds to a strong entropy-based notion.

Our results demonstrate that replay attacks can be devastating for a voter's privacy even when an adversary's resources are very limited. We illustrate our formal findings by applying them to a number of real-world elections, showing that a modest number of replays can result in significant privacy loss. Overall, our work reveals that, contrary to a common belief, replay attacks can be very efficient and must therefore be considered a serious threat.
Samed Düzlü, Juliane Krämer
ePrint Report
In this paper, we propose a new approach to the study of lattice problems used in cryptography. We specifically focus on module lattices of a fixed rank over some number field. An essential question is the hardness of certain computational problems on such module lattices, as the additional structure may allow exploitation. The fundamental insight is the fact that the collection of those lattices are quotients of algebraic manifolds by arithmetic subgroups. Functions on these spaces are studied in mathematics as part of number theory. In particular, those form a module over the Hecke algebra associated with the general linear group. We use results on these function spaces to define a class of distributions on the space of lattices. Using the Hecke algebra, we define Hecke operators associated with collections of prime ideals of the number field and show a criterion on distributions to converge to the uniform distribution, if the Hecke operators are applied to the chosen distribution. Our approach is motivated by the work of de Boer, Ducas, Pellet-Mary, and Wesolowski (CRYPTO'20) on self-reduction of ideal lattices via Arakelov divisors.
Vincent Cheval, Charlie Jacomme, Steve Kremer, Robert Künnemann
ePrint Report
Symbolic security protocol verifiers have reached a high degree of automation and maturity. Today, experts can model real-world protocols, but this often requires model-specific encodings and deep insight into the strengths and weaknesses of each of those tools. With Sapic+, we introduce a protocol verification platform that lifts this burden and permits choosing the right tool for the job, at any development stage. We build on the existing compiler from Sapic to Tamarin, and extend it with automated translations from Sapic+ to ProVerif and DeepSec, as well as powerful, protocol-independent optimizations of the existing translation. We prove each part of these translations sound. A user can thus, with a single Sapic+ file, verify reachability and equivalence properties on the specified protocol, either using ProVerif, Tamarin or DeepSec. Moreover, the soundness of the translation allows one to directly assume results proven by another tool, which allows one to exploit the respective strengths of each tool. We demonstrate our approach by analyzing various existing models. This includes a large case study of the 5G authentication protocols, previously analyzed in Tamarin. Encoding this model in Sapic+, we demonstrate the effectiveness of our approach. Moreover, we study four new case studies: the LAKE and the Privacy-Pass [20] protocols, both under standardization, the SSH protocol with the agent-forwarding feature, and the recent KEMTLS [45] protocol, a post-quantum version of the main TLS key exchange.

13 June 2022

Technology Innovation Institute (TII) - Abu Dhabi, UAE
Job Posting

Technology Innovation Institute (TII) is a publicly funded research institute, based in Abu Dhabi, United Arab Emirates. It is home to a diverse community of leading scientists, engineers, mathematicians, and researchers from across the globe, transforming problems and roadblocks into pioneering research and technology prototypes that help move society ahead.

Cryptography Research Centre

In our connected digital world, secure and reliable cryptography is the foundation of digital information security and data integrity. We address the world’s most pressing cryptographic questions. Our work covers post-quantum cryptography, lightweight cryptography, cloud encryption schemes, secure protocols, quantum cryptographic technologies and cryptanalysis.

Position: Cryptography / Cybersecurity Engineer

  • Analyze project requirements and provide technical and functional recommendations
  • Implement cryptographic libraries and security frameworks
  • Design and implement building blocks for cloud computing and machine learning applications

Skills required for the job

  • Knowledge of cryptography and cybersecurity
  • 2+ years of work experience (a senior position is also available for 5+ years of experience)
  • Excellent with C, C++ and Python (Java and Rust will be valuable as well)
  • Solid engineering practices and processes, such as development and testing methodology and documentation (experience with tools such as Git, JIRA and SonarQube is valuable)
  • Excellent at multi-tasking
  • Knowledge of some of the following topics will be valuable: Edge / Cloud computing - Machine learning - Identity Management - Secure protocols
  • Quick learner, geared towards implementation. Eager to develop new skills and willing to take ownership of projects

Qualifications

  • MSc or PhD degree in Cryptography, Applied Cryptography, Cybersecurity, Mathematics or Computer Science

Closing date for applications:

Contact:

Mehdi Messaoudi - Talent Acquisition Manager
Email: mehdi.messaoudi@tii.ae

More information: https://www.tii.ae/cryptography

Nanyang Technological University, Singapore
Job Posting
The Cryptanalysis Taskforce at Nanyang Technological University in Singapore, led by Prof. Jian Guo, is seeking candidates to fill several post-doctoral research fellow positions on symmetric-key cryptography. Topics include but are not limited to the following sub-areas:
• tool-aided cryptanalysis, such as MILP, CP, STP, and SAT
• machine-learning-aided cryptanalysis and designs
• privacy-preserving-friendly symmetric-key designs
• quantum cryptanalysis
• provable security
• cryptanalysis against SHA-2, SHA-3, and AES
• threshold cryptography
Established in 2014, the Cryptanalysis Taskforce is a group comprising about ten PostDoc and PhD student members currently dedicated to research in symmetric-key cryptography. Since its establishment, the team has been active in both publications in and services for IACR. It has done quite some cryptanalysis work on various important targets such as SHA-3 and AES, and is expanding its interests to the areas mentioned above, with strong funding support from the university, industry partners, and government agencies in Singapore. We offer a globally competitive salary package with extremely low tax (around 5%), as well as an excellent environment dedicated to top-venue-publication-oriented research in Singapore. The contract will initially be for one year, with the possibility of extension. Candidates are expected to have a proven record of publications in IACR conferences (Asiacrypt, Crypto, Eurocrypt). Interested candidates are to send their CV and 2 reference letters to Jian Guo. Review of applicants will start immediately and continue until the positions are filled. More information about the Cryptanalysis Taskforce research group can be found via https://team.crypto.sg

Closing date for applications:

Contact: Jian Guo, guojian@ntu.edu.sg, with subject [IACR-CATF]

More information: https://team.crypto.sg

University of Primorska
Job Posting
University of Primorska (UP FAMNIT) is offering one fully-funded PhD scholarship at the Center of Cryptography under the supervision of Prof. Enes Pasalic, PhD. Research topics include Boolean functions with high nonlinearity (bent functions, AB functions, planar functions, …), linear codes, and cryptanalysis (classical and quantum).

Closing date for applications:

Contact: enes.pasalic@famnit.upr.si and nastja.cepak@iam.upr.si

More information: https://kripto.famnit.upr.si/post/yr2022/

Ruhr-University Bochum, Germany
Job Posting
The Ruhr area, one of Europe's largest metropolitan regions, is home to the University Alliance Ruhr (UAR) with 120,000 students and 14,000 researchers. In 2021, the UAR established the Research Center Trustworthy Data Science and Security (RC Trust) to enable research that connects psychology, computer science, statistics and cyber security at the intersection of technology, humans and society. The Research Center is seeking to fill the following position at the Faculty of Computer Science, Ruhr-University Bochum, Germany: Associate or Full Professorship for Fairness and Transparency (Open Rank). We welcome applicants with a strong interest in interdisciplinary research. Candidates should have an excellent track record in at least one of the following areas:
• Trustworthy Machine Learning for Privacy & Security
• FAccT (Fairness, Accountability, Transparency)
• Technology Policy, Privacy Law & Data Science
• Ethics & AI
• Human-AI Collaborative Decision Making
The professorship will be associated with the Cluster of Excellence „CASA: Cyber Security in the Age of Large-Scale Adversaries“. In addition, we encourage collaboration with the Max Planck Institute for Security and Privacy. Appointments will be made as a full professorship, or as an assistant/associate professorship with tenure track to full professorship. Salaries and working conditions are internationally competitive and come with civil servant status. Full professorships are chair positions with PhD/postdoc positions, a secretary and a start-up package (all negotiable). The official job ad can be found here: https://www.academics.de/jobs/professorship-open-rank-w3-or-w2-tenure-track-to-w3-for-fairness-and-transparency-research-alliance-ruhr-the-research-center-trustworthy-data-science-and-security-rc-trust-bochum-1061412 . Applications are requested by July 29, 2022 to: career@casa.rub.de. Questions will be answered by Prof. Christof Paar. https://www.informatik.rub.de/en http://www.rc-trust.ai/

Closing date for applications:

Contact: Prof. Christof Paar

More information: https://www.informatik.rub.de/en

Ruhr-University Bochum, Germany
Job Posting
The Ruhr area, one of Europe's largest metropolitan regions, is home to the University Alliance Ruhr (UAR) with a community of 120,000 students and 14,000 researchers. In 2021, the UAR established the Research Center Trustworthy Data Science and Security (RC Trust) to enable research that connects psychology, computer science, statistics and cyber security at the intersection of technology, humans and society. The Research Center is seeking to fill the following position at the Faculty of Computer Science, Ruhr-University Bochum, Germany: Associate or Full Professorship for Computing and Society (Open Rank). We welcome applicants with a strong interest in interdisciplinary research. Candidates should have an excellent track record in at least one of the following areas:
• Computational Social Science
• Social Computing and Computer-Mediated Collaborative Work
• Economics & Incentives in Computing and Privacy
• Usable Security
The professorship will be associated with the Faculty of Computer Science and the Cluster of Excellence „CASA: Cyber Security in the Age of Large-Scale Adversaries“. In addition, we encourage collaboration with the Max Planck Institute for Security and Privacy. Appointments will be made as a full professorship, or as an assistant/associate professorship with tenure track to full professorship. Salaries and working conditions are internationally very competitive and come with civil servant status. Full professorships are chair positions with PhD/postdoc positions, a secretary and a start-up package (all negotiable). The official job ad can be found here: https://www.academics.de/jobs/professorship-open-rank-w3-or-w2-tenure-track-to-w3-for-computing-and-society-research-alliance-ruhr-the-research-center-trustworthy-data-science-and-security-rc-trust-bochum-1061414 . Applications are requested by July 29, 2022 to: career@casa.rub.de. Questions will be answered by Prof. Christof Paar. https://www.informatik.rub.de/en http://www.rc-trust.ai/

Closing date for applications:

Contact: Prof. Christof Paar

More information: https://www.informatik.rub.de/en

09 June 2022

University of Birmingham, UK
Job Posting

This is an exciting opportunity to join the University of Birmingham's Centre for Cyber Security and Privacy on the EPSRC-funded project 'CAP-TEE: Capability Architectures in Trusted Execution'.

In this project, we use capability architectures (as e.g. developed by the CHERI project) to protect TEEs against such state-of-the-art attacks. We address a wide range of threats, from software vulnerabilities such as buffer overflows to sophisticated hardware attacks like fault injection. CAP-TEE will provide a strong, open-source basis for the future generation of more secure TEEs.

You'll be working on state-of-the-art hardware prototypes like the ARM Morello board.

We're looking for a candidate with a PhD or equivalent industry experience, e.g. in cyber security, computer science, or electrical engineering. You should have strong experience in writing system-level or low-level code in programming languages such as C, C++, or Rust. Experience in a relevant area such as embedded systems, automotive security, binary analysis, or fuzzing would be a strong asset.

For informal enquiries, contact Prof David Oswald (d.f.oswald@bham.ac.uk). To apply online (until 30 June 2022), use the following URL:
https://bham.taleo.net/careersection/external/jobdetail.ftl?job=2200011F&tz=GMT%2B01%3A00&tzname=Europe%2FLondon

Closing date for applications:

Contact: Prof David Oswald
Email: d.f.oswald@bham.ac.uk
Twitter: @sublevado

More information: https://bham.taleo.net/careersection/external/jobdetail.ftl?job=2200011F&tz=GMT%2B01%3A00&tzname=Europe%2FLondon

Luxembourg Institute of Science and Technology, Luxembourg
Job Posting
We are looking for a highly motivated candidate with proven skills in security and privacy-preserving machine learning to work on a research project funded by FNR (Luxembourg) and ANR (France). The ongoing deployment of new communication technologies related to 5G opens new doors to the implementation of cooperative, connected and automated mobility applications. However, more time is needed before all these technologies are fully deployed with a satisfactory level of security and privacy. This is even more critical in cross-border areas such as between Luxembourg and France, where a large number of attacks (e.g., related to roaming) may arise. In this context, the main mission of the candidate will be to design and evaluate machine-learning-based attack detection solutions based on network traffic data generated by a vehicular network (V2X).

The position is initially for one year and can be extended to more years, with a possibility to become a permanent one. More information is here: https://app.skeeled.com/offer/626f93074cdf6edb5e80e400?utm_id=60fed4c509c80d16d1bbe536&utm_medium=OFFERS_PORTAL&language=en&show_description=true

Closing date for applications:

Contact: Dr. Qiang Tang (qiang.tang@list.lu)

Karlsruhe Institute of Technology, SECUSO - Security, Usability, Society; Karlsruhe, Germany
Job Posting

Job Description

The interdisciplinary research group SECUSO (Security - Usability - Society) is offering a research associate position. The research group is active in various areas of Human Factors in Security & Privacy. Awareness and training measures as well as usable tools and interfaces are designed, developed, and evaluated. To this end, various – primarily empirical – methods are used as part of the “Human Centered Security & Privacy by Design” approach. Current topics include cookie banners, authentication on AR/VR glasses, verifiable online voting systems, notification studies, security UI patterns, and explainability of security solutions and guarantees.

You will conduct research in the field of Human Factors in Security & Privacy. This includes, for example, conducting interviews, focus groups, and online/laboratory or field studies. The results of your research will then be published and presented at international conferences. In addition to research work, you will also be involved in teaching activities and scientific administration, which also includes the organization of events.

Personal Qualification

You have a degree (Master/Diploma (University)) in computer science, business informatics, media informatics, industrial engineering, mathematics, communication sciences, psychology, or related areas. You have attended lectures on security or usability, you are interested in the research area Human Factors in Security & Privacy, and you have already gained experience in interdisciplinary work. Furthermore, you have a high level of self-motivation and the ability to work in a team. Programming experience in the context of creating mockups and experience in conducting qualitative and quantitative studies are an advantage. Very good written and spoken German and English skills complete your profile.

Salary category 13, depending on the fulfillment of professional and personal requirements.

Closing date for applications:

Contact: Prof. Dr. Melanie Volkamer, phone: 0721 608-45045

More information: https://www.pse.kit.edu/english/karriere/joboffer.php?id=145583

Tokyo Institute of Technology, School of Computing, Tokyo, Japan
Job Posting
Area of Specialization: Theory of Cryptography, Theory and Practice of Cybersecurity, Theoretical Computer Science, Theory of Algorithms, Theory of Computational Complexity, Programming Theory, Software Verification Theory, Blockchain Technology, Network Security, etc.
Job Description: Research and education at the Department of Mathematical and Computing Science. Assigned tasks on management of the department.

Closing date for applications:

Contact: Keisuke Tanaka, Professor, Associate Chair of Department of Mathematical and Computing Science, School of Computing (Email: keisuke@is.titech.ac.jp)

More information: https://jrecin.jst.go.jp/seek/SeekJorDetail?fn=3&dt=1&id=D122060173&ln_jor=1

Lawrence Roy, Stanislav Lyakhov, Yeongjin Jang, Mike Rosulek
ePrint Report
Public-key authentication in SSH reveals more information about the participants' keys than is necessary. (1) The server can learn a client's entire set of public keys, even keys generated for other servers. (2) The server learns exactly which key the client uses to authenticate, and can further prove this fact to a third party. (3) A client can learn whether the server recognizes public keys belonging to other users. Each of these problems leads to tangible privacy violations for SSH users.

In this work we introduce a new public-key authentication method for SSH that reveals essentially the minimum possible amount of information. With our new method, the server learns only whether the client knows the private key for some authorized public key. If multiple keys are authorized, the server does not learn which one the client used. The client cannot learn whether the server recognizes public keys belonging to other users. Unlike traditional SSH authentication, our method is fully deniable. Our new method also makes it harder for a malicious server to intercept first-use SSH connections on a large scale.

Our method supports existing SSH keypairs of all standard flavors — RSA, ECDSA, EdDSA. It does not require users to generate new key material. As in traditional SSH authentication, clients and servers can use a mixture of different key flavors in a single authentication session.

We integrated our new authentication method into OpenSSH, and found it to be practical and scalable. For a typical client and server with at most 10 ECDSA/EdDSA keys each, our protocol requires 9 kB of communication and 12.4 ms of latency. Even for a client with 20 keys and a server with 100 keys, our protocol requires only 12 kB of communication and 26.7 ms of latency.
Antonin Leroux, Maxime Roméas
ePrint Report
Updatable Encryption (UE) allows rotating the encryption key in the outsourced storage setting while minimizing the bandwidth used. The server can update ciphertexts to the new key using a token provided by the client. UE schemes should provide strong confidentiality guarantees against an adversary that can corrupt keys and tokens.

This paper solves three open problems in ciphertext-independent post-quantum UE. First, we propose the first two post-quantum CCA-secure UE schemes, solving an open problem left by Jiang at Asiacrypt 2020. Second, our three UE schemes are the first post-quantum schemes that support an unbounded number of updates. Third, the security of our three schemes is based on three different problems which are not lattice problems, whereas the two prior post-quantum UE schemes are both based on LWE.

We do so by studying the problem of building UE in the group action framework. We introduce a new notion of Mappable Effective Group Action (MEGA) and show that we can build UE from a MEGA by generalizing the SHINE construction of Boyd et al. at Crypto 2020. We propose two post-quantum instantiations of our UE scheme using some recent group action constructions. Isogeny-based group actions are the most studied post-quantum group actions. Unfortunately, the resulting group actions are not mappable. We show that we can still build UE from isogenies by introducing a new algebraic structure called Effective Triple Orbital Group Action (ETOGA). We prove that UE can be built from an ETOGA and show how to instantiate this abstract structure from isogeny-based group actions.
Buvana Ganesh, Paolo Palmieri
ePrint Report
Homomorphic Encryption (HE) is a very attractive solution to ensure privacy when outsourcing confidential data to the cloud, as it enables computation on the data without decryption. As the next step, searching this homomorphic data becomes necessary to navigate it in the server. In this paper, we propose a novel algorithm to search homomorphically encrypted data outsourced to an untrusted server and shared with multiple users. We optimize the steps involved in the process to reduce the number of rounds of communication. We use an order-preserving encoding to batch the data with multi-key HE cryptosystems to reduce the multiplicative depth of the equality circuits and enable direct comparison. Further, we use LEAF to retrieve indices securely, and SealPIR to retrieve the values obliviously to the user. Overall, we provide an efficient end-to-end framework for searching shared data in a semi-honest server.