International Association
for Cryptologic Research

Cryptanalysis of block ciphers is an active and important research area with an extensive volume of literature. For this work, we focus on SBox-based ciphers, as they are widely used and cover a large class of block ciphers. While there have been prior works that have consolidated attacks on block ciphers, they usually focus on describing and listing the attacks. Moreover, the methods for evaluating a cipher's security are often ad hoc, differing from cipher to cipher, as attacks and evaluation techniques are developed along the way. As such, we aim to organise the attack literature, as well as the work on security evaluation.

In this work, we present a systematization of cryptanalysis of SBox-based block ciphers focusing on three main areas: (1) Evaluation of block ciphers against standard cryptanalytic attacks; (2) Organisation and relationships between various attacks; (3) Comparison of the evaluation and attacks on existing ciphers.

The FX construction provides a way to increase the effective key length of a block cipher E. We prove security of a tweakable version of the FX construction in the post-quantum setting, i.e., against a quantum attacker given only classical access to the secretly keyed construction while retaining quantum access to E, a setting that seems to be the most relevant one for real-world applications. We then use our results to prove post-quantum security—in the same model—of the (plain) FX construction, Elephant (a finalist of NIST's lightweight cryptography standardization effort), and Chaskey (an ISO-standardized lightweight MAC).

Searchable Symmetric Encryption (SSE) supports efficient yet secure query processing over outsourced symmetrically encrypted databases without the need for decryption. A longstanding open question has been the following: can we design a fast, scalable, linear storage and low-leakage SSE scheme that efficiently supports arbitrary Boolean queries over encrypted databases? In this paper, we present the design, analysis and prototype implementation of the first SSE scheme that efficiently supports conjunctive, disjunctive and more general Boolean queries (in both the conjunctive and disjunctive normal forms) while scaling smoothly to extremely large encrypted databases, and while incurring linear storage overheads and supporting extremely fast query processing in practice. We quantify the leakage of our proposal via a rigorous cryptographic analysis and argue that it achieves security against a well-known class of leakage-abuse and volume analysis attacks. Finally, we demonstrate the storage-efficiency and scalability of our proposed scheme by presenting experimental results of a prototype implementation of our scheme over large real-world databases.

Shor's algorithm solves Elliptic Curve Discrete Logarithm Problem(ECDLP) in polynomial time. To optimize Shor's algorithm for binary elliptic curve, reducing the cost for binary field multiplication is essential because it is most cost-critical basic arithmetic. In this paper, we propose Toffoli gate count optimized space-efficient quantum circuits for binary field $(\mathbb{F}_{2^{n}})$ multiplication. To do so, we take advantage of Karatsuba-like formula and show that its application can be provided without ancillary qubits and optimized them in terms of CNOT gate and depth. Based on the Karatsuba-like formula, we drive a space-efficient CRT-based multiplication with two types of out-of-place multiplication algorithm to reduce CNOT gate cost. Our quantum circuits do not use ancillary qubits and have extremely low TOF gates count $O(n2^{\log_{2}^{\ast}n})$ where $\log_{2}^{\ast}$ is a function named iterative logarithm that grows very slowly. Compared to recent Karatsuba-based space-efficient quantum circuit, our circuit requires only $(12 \sim 24 \% )$ of Toffoli gate count with comparable depth for cryptographic field sizes $(n = 233 \sim 571)$. To the best of our knowledge, this is the first result that utilizes Karatsuba-like formula and CRT-based multiplication in quantum circuits.

This work considers the problem of mitigating information leakage between communication and sensing in systems jointly performing both operations. Specifically, a discrete memoryless state-dependent broadcast channel model is studied in which (i) the presence of feedback enables a transmitter to convey information, while simultaneously performing channel state estimation; (ii) one of the receivers is treated as an eavesdropper whose state should be estimated but which should remain oblivious to part of the transmitted information. The model abstracts the challenges behind security for joint communication and sensing if one views the channel state as a sensitive attribute, e.g., location. For independent and identically distributed states, perfect output feedback, and when part of the transmitted message should be kept secret, a partial characterization of the secrecy-distortion region is developed. The characterization is exact when the broadcast channel is either physically-degraded or reversely-physically-degraded. The partial characterization is also extended to the situation in which the entire transmitted message should be kept secret. The benefits of a joint approach compared to separation-based secure communication and state-sensing methods are illustrated with binary joint communication and sensing models.

This work explores several architectural optimizations to report a fast and area-time (AT) product efficient hardware accelerator for a lattice based Key Encapsulation Mechanism (KEM) scheme called the CRYSTALS-KYBER. Kyber was recently chosen as the first quantum resistant KEM scheme for standardisation, after three rounds of the National Institute of Standards and Technology (NIST) initiated NIST PQC competition for the search of the best quantum resistant KEMs and digital signatures (started in 2016). Kyber is based on Module-Learning with Errors (M-LWE) class of Lattice-based Cryptography, that is known to manifest efficiently on FPGAs. The architectural optimizations include inter-module and intra-module pipelining, that is designed and balanced via FIFO based buffering to ensure maximum parallelisation. The implementation results show that compared to the state-of-the-art, the proposed architecture delivers 23.8-43.8% speedups at three different security levels on Artix-7 and Zynq UltraScale+ devices, 50-75% reduction in DSPs and no BRAM resources at comparable security level. Consequently, the AT product efficiency is reported to be 45.8-51.9% higher in comparison with the state-of-the-art designs.

NTRU-ν-um is a fully homomorphic encryption schemes making use of NTRU as a building block. NTRU-ν-um comes in two versions: a first instantiation working with polynomials modulo XN − 1 with N a prime [cyclic version] and a second instantiation working with polynomials modulo XN + 1 with N a power of two [negacyclic version].

This report shows that the cyclic version of NTRU-ν-um is not secure. Specifically, it does not provide indistinguishability of encryptions. More critically, the scheme leaks the underlying private LWE keys. Source code for mounting the attacks is provided. The attacks were practically validated on the given parameter sets.

Event date: 19 August to 24 August 2023
Submission deadline: 16 February 2023
Notification: 5 May 2023

It has been forty years since the TCP/IP protocol blueprint, which is the core of modern worldwide Internet, was published. Over this long period, technology has made rapid progress. These advancements are slowly putting pressure and placing new demands on the underlying network architecture design. Therefore, there was a need for innovations that can handle the increasing demands of new technologies like IoT while ensuring secrecy and privacy. It is how Named Data Networking (NDN) came into the picture. NDN enables robust data distribution with interest-based content retrieval and leave-copy-everywhere caching policy. Even though NDN has surfaced as a future envisioned and decisive machinery for data distribution in IoT, it suffers from new data security challenges like content poisoning attacks. In this attack, an attacker attempts to introduce poisoned content with an invalid signature into the network. Given the circumstances, there is a need for a cost-effective signature scheme, requiring inexpensive computing resources and fast when implemented. An identity-based signature scheme (IBS) seems to be the natural choice to address this problem. Herein, we present an IBS, namely Mul-IBS relying on multivariate public key cryptography (MPKC), which leads the race among the post-quantum cryptography contenders. A 5-pass identification scheme accompanying a safe and secure signature scheme based on MPKC works as key ingredients of our design. Our Mul-IBS attains optimal master public key size, master secret key size, and user’s secret key size in the context of multivariate identity-based signatures. The proposed scheme Mul-IBS is proven to be secure in the model “existential unforgeability under chosen-message and chosen identity attack (uf-cma)” contingent upon the fact that Multivariate Quadratic (MQ) problem is NP-hard. The proposed design Mul-IBS can be utilized as a crucial cryptographic building block to build a robust and resilient IoT-based NDN architecture.

Post-Compromise Security (PCS) is a property of secure-channel establishment schemes, which limits the security breach of an adversary that has compromised one of the endpoint to a certain number of messages, after which the channel heals. An attractive property, especially in view of Snowden's revelation of mass-surveillance, PCS was pioneered by the Signal messaging protocol, and is present in OTR. In this paper, we introduce a framework for quantifying and comparing PCS security, with respect to a broad taxonomy of adversaries. The generality and flexibility of our approach allows us to model the healing speed of a broad class of protocols, including Signal, but also an identity-based messaging protocol named SAID, and even a composition of 5G handover protocols.

Databases often require the flexibility to control which entities can access specific database records. Such access control is absent in works that provide private access to databases, namely private information retrieval (PIR) systems. In this paper, we show how to address this shortcoming by introducing Pirmission, the first practical single-server PIR system that allows the enforcement of access control policies. Pirmission’s mechanism does not even reveal whether the client passed or failed the access control check—instead the client receives random data if they are not authorized to access a database record. To demonstrate the usefulness and practicality of Pirmission, we use it to build a private contact discovery platform that allows users to only be discoverable by their friends (who have permission). Compared to state-of- the-art single-server PIR protocols that do not provide access control, Pirmission increases the server’s response time by around 2.8X (much less for databases with large records), and requires only one additional ciphertext to be sent by the client.

Determining bounds on the differential probability of differential trails and the squared correlation contribution of linear trails forms an important part of the security evaluation of a permutation. For Xoodoo such bounds were proven with a dedicated tool (XooTools), that scans the space of all r-round trails with weight below a given threshold $T_r$. The search space grows exponentially with the value of $T_r$ and XooTools appeared to have reached its limit, requiring huge amounts of CPU to push the bounds a little further. The bottleneck was the phase called trail extension where short trails are extended to more rounds, especially in the backward direction. In this work, we present a number of techniques that allowed us to make extension much more efficient ant that allowed us to increase the bounds significantly. Notably, we prove that the minimum weight of any 4-round trail is 80, the minimum weight of any 6-round trail is at least 132 and the minimum weight of any 12-round trail is at least 264, both for differential and linear trails.

Event date: 16 October to 21 October 2022
Submission deadline: 30 September 2022

Event date: 13 December to 15 December 2022
Submission deadline: 25 August 2022
Notification: 7 October 2022

We would like to invite applications for an up to 3 years fully funded postdoctoral position within the Department of Computer Science, University of Surrey. The expected start is October 2022 or as soon as possible thereafter.

The postdoctoral researcher will contribute to two EU-funded research projects “CONNECT: Continuous and Efficient Cooperative Trust Management for Resilient CCAM” and “REWIRE: Rewiring the Compositional Security Verification and Assurance of Systems of Systems Lifecycle”. The main responsibility of the post holder will be in the design and development of new cryptographic protocols for trusted computing and secure systems, including attribute-based encryption and signatures, anonymous signatures, remote attestation, and distributed ledger technologies. Applicants should have a PhD (or close to completing a PhD degree) in a relevant subject or equivalent professional experience.

The position offers the platform for the research fellow to develop skills to become an independent researcher. The successful candidate will work under the direction of Professor Liqun Chen and Dr Catalin Dragan. The research fellow will also work with the other colleagues of the Surrey Centre for Cyber Security and collaborate with the other partners of the CONNECT project consortium and the REWIRE project consortium.

Requirements:
We are looking for applicants that demonstrate strong research and protocol design skills, have strong communication skills, and have enthusiasm for developing their own research ideas. Applicants should have knowledge and experience in the design of cryptographic protocols for trusted computing and secure systems, and a good understanding of distributed ledger technologies. Skills in software engineering would be an advantage but being willing to learn how to develop a software prototype for demonstration is acceptable. Applicants should have a PhD (or close to completing a PhD degree) in a relevant subject or equivalent professional experience.

Closing date for applications:

Contact: Professor Liqun Chen (liqun.chen@surrey.ac.uk) or Dr Catalin Dragan (c.dragan@surrey.ac.uk)

More information: https://jobs.surrey.ac.uk/Vacancy.aspx?ref=058222

The groups of Cryptology and Quantum Information (Alexander May and Michael Walter) are looking for an excellent candidate for a fully funded Ph.D. position as part of Quantum-Safe Internet (QSI), a Marie Curie Innovative Training Network (MSCA-ITN). The QSI network involves top-ranking partner universities from France, Italy, Germany, the Netherlands, Denmark, Spain, the UK, and Switzerland, as well as industrial partners.

You will conduct research in algorithms for classical and quantum cryptanalysis and publish/present the results at top venues for research in crypto/IT Security. This is a joint doctorate, supervised by Alexander May and Michael Walter.

Your Profile:

• Master’s degree or equivalent in computer science, mathematics, theoretical physics, or a related field.
• Outstanding grades in classes related to cryptography, (quantum) algorithms, theoretical CS, or mathematics. (Familiarity with provable security and/or a strong mathematical background are a plus.)
• Excellent communication/writing skills in English. (No German required.)
• Compliance with the MSCA-ITN mobility rule: You must not have resided or carried out your main activity (work, studies, etc.) in Germany for more than 12 months in the 36 months immediately before your recruitment date.

We offer:

• Full-time employment for the duration of the PhD (four years at Ruhr-University Bochum).
• A well-rounded training offered by the QSI network, covering a range of topics related to secure communications in the quantum era, as well as complementary training intended to enhance your personal development.
• Generous travel budget that allows for, e.g., exposure to different sectors via planned placements and attendance to summer schools.

The position is to be filled as soon as possible, deadline for application is Sep 28. We strongly encourage applications from members of any underrepresented group in our research area.

Closing date for applications:

Contact: To apply or for questions, contact alex.may@rub.de. Applications should contain the following in a single PDF:

• Cover letter describing your background and research interests.
• CV, including transcripts.
• A link to your MSc thesis (draft), if available.

On behalf of the Temasek Laboratories at the Nanyang Technological University in Singapore, we solicit application for a paid internship.

Project: Efficient implementation of post-quantum ciphers in quantum logic (with a focus on code-based ciphers)

Vacancy: 2 persons

Duration: September 2022 to February 2023 (6 months)

PI: Anubhab Baksi (anubhab.baksi@ntu.edu.sg)

Closing date for applications:

Contact: Anubhab Baksi

The SYmmetric and Lightweight cryptography Lab (SYLLAB) at Nanyang Technological University is looking for candidates for 2 Research Fellow / postdoc positions (from fresh post-docs to senior research fellows, flexible contract duration) on:

• symmetric-key cryptography,
• lightweight cryptography,
• side-channel analysis,
• optimized software and/or hardware implementations,
• fully-homomorphic encryption,
• machine learning.

Candidates are expected to have a proven record of publications in top cryptography/security/ML venues.

Salaries are competitive and are determined according to the successful applicants accomplishments, experience and qualifications. Interested applicants should send their detailed CVs, cover letter and references to Prof. Thomas Peyrin (thomas.peyrin@ntu.edu.sg).

Review of applications starts immediately and will continue until positions are filled.

Closing date for applications:

Contact: Thomas Peyrin

We are looking for bright and motivated PhD students to work in the topics of information security and cryptography. The students will join the Cybersecurity and applied Cryptography group led by Prof. Katerina Mitrokotsa (https://cybersecurity.unisg.ch/). The students are expected to work on topics that include security and privacy issues for resource-constrained devices (e.g., sensors) that rely on external untrusted servers in order to perform computations. More precisely, the student shall be working on investigating efficient authentication and verifiable delegation of computation mechanisms that provide: i) provable security guarantees, and ii) rigorous privacy guarantees. The positions are funded with a competitive salary and the workplace is in beautiful St. Gallen in Switzerland.
Research areas: Research areas include but are not limited to:

• Verifiable computation
• Secure Multi Party Computation
• Privacy-preserving authentication
• Cryptographic primitives
• Privacy-preserving biometric authentication

Your Profile:

• A MSc degree in Computer Science, Applied Mathematics or a relevant field;
• Strong mathematical and algorithmic CS background;
• Excellent programming skills;
• Excellent written and verbal communication skills in English.

Final Deadline for applications: 31 August 2022
Starting date: By mutual agreement

Closing date for applications:

Contact: Eriane Breu

More information: https://jobs.unisg.ch/offene-stellen/funded-phd-student-in-applied-cryptography-privacy-preserving-biometric-authentication-m-w-d/c4a38453-d472-4ca0-b975-1b1f9d517dc0

CISPA is a world-leading research center that focuses on Information Security and Machine Learning at large. To expand and further strengthen our center, we are looking for Tenure-Track Faculty in all areas related to Security, Privacy, and Cryptography (f/m/d) All applicants are expected to grow a research team that pursues an internationally visible research agenda. To aid you in achieving this, CISPA provides institutional base funding for three full-time researcher positions and a generous budget for expenditures. Upon successful tenure evaluation, you will hold a position that is equivalent to an endowed full professorship at a top research university. We invite applications of candidates with excellent track records in Security, Privacy, and Cryptography, especially in (but not limited to) the fields of

Applied and Post-Quantum Cryptography

Autonomous Systems Security

Cybercrime, Misinformation, and Fake News

Hardware Security and Secure Hardware Designs

Human-Centered Security and Privacy

Privacy-Enhancing Technologies

Security of Critical Infrastructures and Embedded Systems

Software Security, Analysis, and Engineering

The CISPA Tenure-Track in a nutshell:

Tenure-track of five years towards the equivalent of an Endowed Full Professorship

Three fully funded full-time research staff positions for your entire tenure-track

Generous budget for research expenses

Low teaching load of only one course (of your choice) per semester

World-renowned colleagues in (almost) all areas of Security and Machine Learning

Young and dynamic environment, with an average faculty age below 40 years

CISPA values diversity and is committed to equality. We provide special dual-career support. We explicitly encourage female and diverse researchers to apply.

Application

All applicants are strongly encouraged to submit their complete application by November 1, 2022 with interviews starting in December 2022. However, applications will continue to be accepted until December 15, 2022 with interviews in 2023.

Closing date for applications:

Contact: scientific-recruiting@cispa.de

More information: https://faculty.jobs.cispa.de/sec/iacr