International Association for Cryptologic Research


IACR News


01 July 2022

University College Cork, Ireland
Job Posting
The Security Group at University College Cork (UCC) is seeking a PhD student to work on the project “Adaptive Privacy-preservation in the Internet of Things”.

By interconnecting everyday devices and objects that were previously offline, the Internet of Things (IoT) enables data to flow from and to them, making them “smart”. However, remote connectivity also introduces significant risks for the security of the devices, and the privacy of the data being exchanged. The protection of this sensitive information requires the adoption of complex security and privacy mechanisms, including advanced encryption and anonymization techniques, such as homomorphic encryption and differential privacy. These mechanisms, however, often impose a significant overhead in terms of computational costs on constrained IoT devices. The goal of the project is to develop a framework for adaptive privacy preservation in IoT devices, providing the tools to select and calibrate privacy-enhancing technologies to suit the constraints of IoT platforms and devices, while maximizing privacy protection.

The student will join the thriving Security Group at UCC, where several PhDs and PostDocs carry out related research. The project is a collaboration between UCC (host organization) and MTU, and part of CONNECT - Centre for Future Networks & Communications, a major Science Foundation Ireland research initiative. The PhD student will work under the supervision of the Principal Investigator, Dr. Paolo Palmieri, and co-Investigator Dr. Hazel Murray (MTU).

Candidates should have a background/strong interest in security and privacy, and a good grasp of mathematics. Previous experience in cryptography is an asset, but is not required. Applicants should hold a good BSc or MSc degree in computer science, computer engineering, mathematics, or related subject.

The position is fully funded, including an annual stipend of €18,500 for up to four years and a contribution towards tuition fees. As part of the project, a travel budget is available to present at international conferences and to collaborate with other research groups.

Closing date for applications:

Contact: Informal inquires can be made to Dr. Paolo Palmieri: p.palmieri@cs.ucc.ie

Applications should be submitted on-line at the link above (https://ucc.qualtrics.com/jfe/form/SV_9KOs25IaXJJcVb8).

Open until filled, but applications received by July 10 will be prioritized.

More information: https://ucc.qualtrics.com/jfe/form/SV_9KOs25IaXJJcVb8


29 June 2022

Technology Innovation Institute (TII) - Abu Dhabi, UAE
Job Posting

Technology Innovation Institute (TII) is a publicly funded research institute, based in Abu Dhabi, United Arab Emirates. It is home to a diverse community of leading scientists, engineers, mathematicians, and researchers from across the globe, transforming problems and roadblocks into pioneering research and technology prototypes that help move society ahead.

Cryptography Research Centre

Position: Cryptanalyst - Constraint Solving

  • Tweak your favorite constraint solving tools to perform cryptanalysis tasks
  • Study how to leverage machine learning techniques in the context of constraint solvers
  • Analyze, evaluate and target any weaknesses in security systems, which range from single crypto-primitives to entire protocols, from classical ciphers to the newest lightweight or post-quantum schemes
  • Develop mathematical and statistical models to analyze and solve security data problems
  • Collaborate with skillful software, hardware, and telecommunication engineers
  • Work with latest software and test your code on state-of-the-art High-Performance Devices
  • Conduct research in theoretical and practical cryptanalysis
  • Attend personalized in-house trainings with top cryptographers and international conferences and workshops

Skills required for the job

  • PhD degree in Cryptography, Applied Cryptography, Information Theory and Mathematics, Computer Science or any relevant Engineering degree
  • Extensive experience in constraint programming (SAT, SMT, Linear Programming, Constraint Programming)
  • Experience in theoretical and practical cryptanalysis
  • Valuable publications in the field of cryptanalysis and/or constraint programming (SAT, SMT, Linear Programming, Constraint Programming)
  • Extensive experience developing in various programming languages, and use of high-performance devices (CPU, GPU, TPU)

Closing date for applications:

Contact:

Mehdi Messaoudi - Talent Acquisition Manager
Email: mehdi.messaoudi@tii.ae

Technology Innovation Institute (TII) - Abu Dhabi, UAE
Job Posting

Technology Innovation Institute (TII) is a publicly funded research institute, based in Abu Dhabi, United Arab Emirates. It is home to a diverse community of leading scientists, engineers, mathematicians, and researchers from across the globe, transforming problems and roadblocks into pioneering research and technology prototypes that help move society ahead.

Cryptography Research Centre

The position is in the asymmetric cryptanalysis team. The team currently consists of five senior researchers (post docs) and one PhD student. We cover a broad range of expertise in post-quantum cryptanalysis with experts on multivariate-, lattice-, and code-based systems. We are currently looking to support the team particularly on the coding side by a Code-based Cryptanalysis Expert.

  • Conduct research in the field of asymmetric cryptanalysis, especially regarding post quantum secure systems with strong focus on code-based systems
  • Contribute to the NIST standardization process
  • Publish in top tier conferences and journals
  • Participate in practical cryptanalysis projects and public cryptographic challenges
  • Develop mathematical and statistical models to analyze and solve security data problems
  • Collaborate with a skillful team of software, hardware, and telecommunication engineers
  • Work with latest software and test your code on state-of-the-art High-Performance Devices
  • Attend personalized in-house trainings with top cryptographers and international conferences and workshops

Skills required for the job

  • PhD degree in Cryptography, Applied Cryptography, Information Theory and Mathematics, Computer Science or any relevant Engineering degree
  • Strong background in coding theory and/or code-based cryptography
  • Extensive experience in theoretical and/or practical cryptanalysis
  • Valuable publications in the field of cryptanalysis
  • Extensive experience in performing side-channel attacks
  • Extensive experience developing in various programming languages (preferably C / C++, CUDA, python)
  • A passion for solving complex puzzles

Closing date for applications:

Contact:
Mehdi Messaoudi - Talent Acquisition Manager
Email: mehdi.messaoudi@tii.ae

Universität Mannheim, Germany
Job Posting
The School of Business Informatics and Mathematics at the University of Mannheim has a job opening for an Assistant Professor (W1) for Responsible AI for an initial period of three years. After a positive evaluation, an extension for another three years is possible.

    AI is increasingly interacting with society. This gives rise to numerous ethical issues, which should be addressed both in research and teaching by this junior professorship. The successful candidate is expected to develop the research field of Responsible AI within computer science and to advance it in exchange with the existing chairs of the institute. We are looking for candidates who are particularly qualified in at least one of the following areas:

  • Trustworthy and explainable AI
  • Privacy and AI
  • AI and Fairness
  • Human-AI Interaction
  • AI regulation and certification
  • Social implications of AI use

Please send your application with the usual documents (curriculum vitae, list of publications, information on previous teaching and research activities, course evaluations, your three most important publications as well as copies of your certificates and references) with the keyword "Juniorprofessur Responsible AI" in paper form or as pdf files by e-mail (bewerbung.wim@uni-mannheim.de) by 15.07.2022.

Closing date for applications:

Contact: Universität Mannheim
Dean of the School of Business Informatics and Mathematics at the University of Mannheim
Dr. Bernd Lübcke
B6,26 - 68131 Mannheim
E-Mail: bewerbung.wim@uni-mannheim.de

More information: https://drive.google.com/file/d/1nn4ncxKEitXtqGlTi5wVCaf17C_pLOn_/view?usp=sharing

CISPA Helmholtz Center for Information Security
Job Posting
Full-time PhD or postdoctoral researcher in the area of provable security or distributed consensus algorithms. CISPA offers a diverse, world-class research environment with a faculty of more than 30 top scientists in the field of security and machine learning.

Requirements:
  • Background in math or theoretical computer science (MSc or equivalent)
  • Fluency in English
  • You enjoy solving puzzles and like to work in a team

If you are interested, please feel free to reach out to me directly or apply at: https://jobs.cispa.saarland/jobs/detail/phd-students-1 (you should indicate in your application that you would like to work with me). Female applicants are strongly encouraged to apply.

Closing date for applications:

Contact: Julian Loss

More information: https://www.julianloss.com

University of Tübingen, Department of Computer Science; Tübingen, Germany
Job Posting
The MDPPML research group at the University of Tübingen is looking for motivated PhD students in the area of cryptography, data privacy and machine learning.

Research Topics: Development and analysis of provably secure solutions for real-world problems. Topics of interest include (but are not limited to): privacy-enhancing technologies, privacy-preserving machine learning, efficient operations on encrypted data, processing of encrypted data in outsourced and untrusted environments, and TEE security and development.

Requirements: Master’s degree in Computer Science, Mathematics, or a related area by the time of appointment. Knowledge or interest in the areas of cryptography and machine learning.

Closing date for applications:

Contact: Mete Akgün

CRAN, LORIA, Nancy, France
Job Posting
The CRAN, with LORIA as a scientific partner, offers a one-year PostDoctoral position to work in Nancy, France, under the supervision of Gilles Millerioux (CRAN) and Marine Minier (LORIA). The selected candidate will work on topics related to the security of stream ciphers. A special emphasis on self-synchronizing stream ciphers would be welcome. The expected skills are a general background in symmetric cryptography and security analysis. A hardware implementation would be considered with the help of an engineer whenever necessary. The research will be conducted in the context of the Lorraine Universite d'Excellence Digitrust project (https://www.univ-lorraine.fr/lue/les-projets-impact/digitrust/). Research work can be done in either English or French.

Closing date for applications:

Contact: To apply for the position or get further information, you must write to gilles.millerioux@univ-lorraine.fr and marine.minier@loria.fr with copies of your CV and motivation letter. Deadline for application: As Soon As Possible. Start of contract: September 1st, 2022 (negotiable).

More information: https://www.univ-lorraine.fr/lue/les-projets-impact/digitrust/

James Bartusek, Yael Tauman Kalai, Alex Lombardi, Fermi Ma, Giulio Malavolta, Vinod Vaikuntanathan, Thomas Vidick, Lisa Yang
ePrint Report
We construct a classically verifiable succinct interactive argument for quantum computation (BQP) with communication complexity and verifier runtime that are poly-logarithmic in the runtime of the BQP computation (and polynomial in the security parameter). Our protocol is secure assuming the post-quantum security of indistinguishability obfuscation (iO) and Learning with Errors (LWE). This is the first succinct argument for quantum computation in the plain model; prior work (Chia-Chung-Yamakawa, TCC '20) requires both a long common reference string and non-black-box use of a hash function modeled as a random oracle.

At a technical level, we revisit the framework for constructing classically verifiable quantum computation (Mahadev, FOCS '18). We give a self-contained, modular proof of security for Mahadev's protocol, which we believe is of independent interest. Our proof readily generalizes to a setting in which the verifier's first message (which consists of many public keys) is compressed. Next, we formalize this notion of compressed public keys; we view the object as a generalization of constrained/programmable PRFs and instantiate it based on indistinguishability obfuscation.

Finally, we compile the above protocol into a fully succinct argument using a (sufficiently composable) succinct argument of knowledge for NP. Using our framework, we achieve several additional results, including

  • Succinct arguments for QMA (given multiple copies of the witness),
  • Succinct non-interactive arguments for BQP (or QMA) in the quantum random oracle model, and
  • Succinct batch arguments for BQP (or QMA) assuming post-quantum LWE (without iO).
Antonio Faonio, Luigi Russo
ePrint Report
Mix-nets are protocols that allow a set of senders to send messages anonymously. Faonio et al. (ASIACRYPT’19) showed how to instantiate mix-net protocols based on Public-Verifiable Re-randomizable Replayable CCA-secure (Rand-RCCA) PKE schemes. The bottleneck of their approach is that public-verifiable Rand-RCCA PKEs are less efficient than typical CPA-secure re-randomizable PKEs. In this paper, we revisit their mix-net protocol, showing how to get rid of the cumbersome public-verifiability property, and we give a more efficient instantiation for the mix-net protocol based on a (non publicly-verifiable) Rand-RCCA scheme. Additionally, we give a more careful security analysis of their mix-net protocol.
Hans Heum, Martijn Stam
ePrint Report
Public key encryption schemes are increasingly being studied concretely, with an emphasis on tight bounds even in a multi-user setting. Here, two types of formalization have emerged, one with a single challenge bit and one with multiple challenge bits. Another modelling choice is whether to allow key corruptions or not. How tightly the various notions relate to each other has hitherto not been studied in detail. We show that in the absence of corruptions, single-bit left-or-right indistinguishability is the preferred notion, as it tightly implies the other (corruption-less) notions. However, in the presence of corruptions, this implication no longer holds; we suggest the use of a more general notion that tightly implies both existing options. Furthermore, for completeness we study how the relationship between left-or-right versus real-or-random evolves in the multi-user PKE setting.
Cecilia Boschini, Ivan Damgård, Claudio Orlandi
ePrint Report
Access Control Encryption (ACE) allows one to control information flow between parties by enforcing a policy that specifies which user can send messages to whom. The core of the scheme is a sanitizer, i.e., an entity that ''sanitizes'' all messages by essentially re-encrypting the ciphertexts under its key. In this work we investigate the natural question of whether it is still possible to achieve some meaningful security properties in scenarios where such a sanitization step is not possible.

We answer positively by showing that it is possible to limit corrupted users to communicate only through insecure subliminal channels, under the necessary assumption that parties do not have pre-shared randomness. Moreover, we show that the bandwidth of such channels can be limited to be O(log(n)) by adding public ciphertext verifiability to the scheme under computational assumptions. In particular, we rely on a new security definition for obfuscation, Game Specific Obfuscation (GSO), which is a weaker definition than VBB, as it only requires the obfuscator to obfuscate programs in a specific family of programs, and limited to a fixed security game.
Thomas Groß
ePrint Report
We establish a set of zero-knowledge arguments that allow for the hashing of a committed secret $a$-bit input $x$ to a committed secret $(k+1)$-bit prime number $p_x$. The zero-knowledge arguments can convince a verifier that a commitment indeed is the correctly generated prime number derived from $x$ with a soundness error probability of at most $2^{-k}+ 2^{-t}$ dependent on the number of zero-knowledge argument rounds $k$ and the number of primality bases $t$ to establish primality. Our constructions offer a range of contributions including enabling dynamic encodings for prime-based accumulator, signature and attribute-based credential schemes allowing to reduce these schemes' public key size and setup requirements considerably and rendering them extensible. While our new primality zero-knowledge arguments are of independent interest, we also show improvements on proving that a secret number is the product of two secret safe primes significantly more efficient than previously known results, with applications to setting up secure special RSA moduli.
Ruize Wang, Kalle Ngo, Elena Dubrova
ePrint Report
Creating a good deep learning (DL) model is an art which requires expertise in DL and a large set of labeled data for training neural networks. Neither is readily available. In this paper, we introduce a method which enables us to achieve good results with bad DL models. We use simple multilayer perceptron (MLP) networks, trained on a small dataset, which make strongly biased predictions if used without the proposed method. The core idea is to extend the attack dataset so that at least one of its traces has the ground truth label to which the models are biased towards. The effectiveness of the presented method is demonstrated by attacking an ARM Cortex-M4 CPU implementation of Saber KEM, a finalist of the NIST post-quantum cryptography standardization project, on an nRF52832 system-on-chip supporting Bluetooth 5, using amplitude-modulated EM emanations. Previous amplitude-modulated EM emanation-based attacks on Saber KEM could not recover its messages with a sufficiently high probability. We recover messages with the probability 1 from the profiling device and with the probability 0.74 from a different device. Using messages recovered from chosen ciphertexts, we extract the secret key of Saber KEM.
Chaya Ganesh, Hamidreza Khoshakhlagh, Roberto Parisella
ePrint Report
We give an efficient construction of a computational non-interactive witness indistinguishable (NIWI) proof in the plain model, and investigate notions of extraction for NIZKs for algebraic languages. Our starting point is the recent work of Couteau and Hartmann (CRYPTO 2020) who developed a new framework (CH framework) for constructing non-interactive zero-knowledge proofs and arguments under falsifiable assumptions for a large class of languages called algebraic languages. In this paper, we construct an efficient NIWI proof in the plain model for algebraic languages based on the CH framework. In the plain model, our NIWI construction is more efficient for algebraic languages than state-of-the-art Groth-Ostrovsky-Sahai (GOS) NIWI (JACM 2012). Next, we explore knowledge soundness of NIZK systems in the CH framework. We define a notion of strong f-extractability, and show that the CH proof system satisfies this notion. We then put forth a new definition of knowledge soundness called semantic extraction. We explore the relationship of semantic extraction with existing knowledge soundness definitions and show that it is a general definition that recovers black-box and non-black-box definitions as special cases. Finally, we show that NIZKs for algebraic languages in the CH framework cannot satisfy semantic extraction. We extend this impossibility to a class of NIZK arguments over algebraic languages, namely quasi-adaptive NIZK arguments that are constructed from smooth projective hash functions.
Rabiah Alnashwan, Prosanta Gope, Benjamin Dowling
ePrint Report
The 5G mobile communication network provides seamless communications between users and service providers and promises to achieve several stringent requirements, such as seamless mobility and massive connectivity. Although 5G can offer numerous benefits, security and privacy issues still need to be addressed. For example, the inclusion of small cell networks (SCN) into 5G brings the network closer to the connected users, providing a better quality of services (QoS), resulting in a significant increase in the number of Handover procedures (HO), which will affect the security, latency and efficiency of the network. It is then crucial to design a scheme that supports seamless handovers through secure authentication to avoid the consequences of SCN. To address this issue, this article proposes a secure region-based handover scheme with user anonymity and an efficient revocation mechanism that supports seamless connectivity for SCNs in 5G. In this context, we introduce three privacy-preserving authentication protocols, i.e., initial authentication protocol, intra-region handover protocol and inter-region handover protocol, for dealing with three communication scenarios. To the best of our knowledge, this is the first paper to consider the privacy and security in both the intra-region and inter-region handover scenarios in 5G communication. Detailed security and performance analysis of our proposed scheme is presented to show that it is resilient against many security threats, is cost-effective in computation and provides an efficient solution for the 5G enabled mobile communication.

27 June 2022

Barbara Gigerl, Robert Primas, Stefan Mangard
ePrint Report
Masking is a popular secret-sharing technique that is used to protect cryptographic implementations against physical attacks like differential power analysis. So far, most research in this direction has focused on finding efficient Boolean masking schemes for well-known symmetric cryptographic algorithms like AES and Keccak. However, especially with the advent of post-quantum cryptography (PQC), arithmetic masking has received increasing attention from the research community. In practice, many PQC algorithms require a combination of arithmetic and Boolean masking, which makes the search for secure and efficient conversion algorithms between these domains (A2B/B2A) an interesting but very challenging research topic. While there already exist lots of tools that can help with the formal verification of Boolean masked implementations, the same cannot be said about arithmetic masking and accompanying mask conversion algorithms.

In this work, we demonstrate the first formal verification approach for (any-order) Boolean and arithmetic masking which can be applied to both hardware and software, while considering side-effects such as glitches and transitions. First, we show how a formal verification approach for Boolean masking can be used in the context of arithmetic masking such that we can verify A2B/B2A conversions for arbitrary masking orders. We investigate various conversion algorithms in hardware and software, and point out several new findings such as glitch-based issues for straightforward implementations of [CGV14]-A2B in hardware, transition-based leakage in Goubin-A2B in software, and more general implementation pitfalls when utilizing common optimization techniques in PQC. We provide the first formal analysis of table-based A2Bs from a probing security perspective and point out that they might not be easy to implement securely on processors that make use of memory buffers or caches.
Alexandros Bakas, Eugene Frimpong, Antonis Michalas
ePrint Report
Homomorphic Encryption (HE) is a modern cryptographic technique that allows direct computations on encrypted data. While relatively new to the mainstream debate, HE has been a solid topic in research for decades. However, despite the technological advances of the past years, HE’s inefficiencies render it impractical for deployment in realistic scenarios. Hence research in the field is still in its initial phase. To overcome certain challenges and bring HE closer to a realization phase, researchers recently introduced the promising concept of Hybrid Homomorphic Encryption (HHE) – a primitive that combines symmetric cryptography with HE. Using HHE, users perform local data encryptions using a symmetric encryption scheme and then outsource them to the cloud. Upon reception, the cloud can transform the symmetrically encrypted data into homomorphic ciphertexts without decrypting them. Such an approach can be seen as an opportunity to build new, privacy-respecting cloud services, as the most expensive operations of HE can be moved to the cloud. In this work, we undertake the task of designing a secure cryptographic protocol based on HHE. In particular, we show how HHE can be used as the main building block of a protocol that allows an analyst to collect data from multiple sources and compute specific functions over them, in a privacy-preserving way. To the best of our knowledge, this is the first work that aims at demonstrating how HHE can be utilized in realistic scenarios, through the design of a secure protocol.
Award
The IACR Fellows Program recognizes outstanding IACR members for technical and professional contributions to the field of cryptology. Today we are pleased to announce five members that have been elevated to the rank of Fellow for 2022:

  • Masayuki Abe, for influential contributions to practical cryptosystems, and for exemplary service to the IACR and the Asia-Pacific cryptography community.
  • Christian Cachin, for far-reaching contributions in the fields of cryptography and distributed systems, and for outstanding service to the IACR.
  • Claude Carlet, for fundamental contributions to the design and analysis of Boolean functions for cryptographic applications, and for sustained educational leadership.
  • Benny Pinkas, for impactful research in the theory and practice of secure multi-party computation, sustained educational leadership, and service to the IACR.
  • Yael Tauman Kalai, for foundational contributions in delegated computation and leakage-resilient cryptography, and service to the cryptographic community.

Congratulations to the new fellows! More information about the IACR Fellows Program can be found at https://iacr.org/fellows/.
Antonio Sanso
ePrint Report
In this short note we explore a particular behaviour of the CSIDH key exchange that leads to a very special form of (shared) key control via the use of the quadratic twists. This peculiarity contained in CSIDH with regard to quadratic twists was already noted in the original CSIDH work and used in several subsequent papers, but we believe spelling this out in the form of an attack might be useful to the wider community.
Benoît Cogliati, Jérémy Jean, Thomas Peyrin, Yannick Seurin
ePrint Report
We analyze the multi-user (mu) security of a family of nonce-based authenticated encryption (nAE) schemes based on a tweakable block cipher (TBC). The starting point of our work is an analysis of the mu security of the SCT-II mode which underlies the nAE scheme Deoxys-II, winner of the CAESAR competition for the defense-in-depth category. We extend this analysis in two directions, as we detail now.

First, we investigate the mu security of several TBC-based variants of the counter encryption mode (including CTRT, the encryption mode used within SCT-II) that differ by the way a nonce, a random value, and a counter are combined as tweak and plaintext inputs to the TBC to produce the keystream blocks that will mask the plaintext blocks. Then, we consider the authentication part of SCT-II and study the mu security of the nonce-based MAC Nonce-as-Tweak (NaT) built from a TBC and an almost universal (AU) hash function. We also observe that the standard construction of an AU hash function from a (T)BC can be proven secure under the assumption that the underlying TBC is unpredictable rather than pseudorandom, allowing much better conjectures on the concrete AU advantage. This allows us to derive the mu security of the family of nAE modes obtained by combining these encryption/MAC building blocks through the NSIV composition method.

Some of these modes require an underlying TBC with a larger tweak length than what is usually available for existing ones. We then show the practicality of our modes by instantiating them with two new TBC constructions, Deoxys-TBC-512 and Deoxys-TBC-640, which can be seen as natural extensions of the Deoxys-TBC family to larger tweak input sizes. Designing such TBCs with unusually large tweaks is prone to pitfalls: Indeed, we show that a large-tweak proposal for SKINNY published at EUROCRYPT 2020 presents an inherent construction flaw. We therefore provide a sound design strategy to construct large-tweak TBCs within the Superposition Tweakey (STK) framework, leading to new Deoxys-TBC and SKINNY variants. We provide software benchmarks indicating that while ensuring a very high security level, the performances of our proposals remain very competitive.