International Association
for Cryptologic Research

Event date: 1 May to 4 May 2023

The KASTEL Institute of Information Security and Dependability is looking for multiple PhD students and PostDocs committed to privacy-preserving cryptography. Experiences with secure multi-party computation or UC-based security are a plus. For PostDocs a track record in this field is expected, including publications at reputable conferences such as Crypto, Eurocrypt, ACM CCS, PETS, etc.

You will be a member of the KASTEL Security Research Labs (https://zentrum.kastel.kit.edu). Your research will be dealing with privacy-preserving cryptographic building blocks and protocols for important application scenarios and result in both theoretical security concepts (protocol designs, security proofs, etc.) and their efficient implementation (e.g., a demonstrator). The contract will initially be limited to 1 year, but can be extended to several years (particularly for PhD candidates).

If you are interested, please send an email including your CV and a list of publications (for PostDocs) to andy.rupp@partner.kit.edu.

Closing date for applications:

Contact: Andy Rupp (PI at KASTEL)

More information: https://zentrum.kastel.kit.edu/english/index.php

ISTA invites applications for several open positions in all areas of computer science including cryptography, systems security and privacy.

We offer:

• A highly international and interdisciplinary research environment with English as working language on campus
• State-of-the-art facilities and scientific support services
• Substantial start-up package and attractive salary
• Guaranteed annual base funding including funding for PhD students and postdocs
• An international Graduate School with high admissions criteria and a rigorous training program
• Leadership program
• Employee Assistance program
• Dual Career support packages
• Child-care facilities on campus (for children aged 3 months till school age)

ISTA is an international institute dedicated to basic research and graduate education in the natural, mathematical, and computational sciences. The Institute fosters an interactive, collegial, and supportive atmosphere, sharing space and resources between research groups whenever possible, and facilitating cross-disciplinary collaborations.

Assistant professors receive independent group leader positions with an initial contract of six years, at the end of which they are reviewed by international peers. If the evaluation is positive, an assistant professor is promoted to a tenured professor.

Candidates for tenured positions are distinguished scientists in their respective research fields and typically have at least six year of experience in leading a research group.

ISTA values diversity and is committed to equal opportunities. We strive to increase the number of women, particularly in fields where they are underrepresented, and therefore we strongly encourage female researchers.

Please apply online at: www.ista.ac.at/jobs/faculty

The closing date for applications is October 27, 2022.

Closing date for applications:

Contact:

Prof. Krzysztof Pietrzak (pietrzak@ista.ac.at) or Prof. Lefteris Kokoris Kogias (ekokoris@ista.ac.at)

I am searching for an outstanding Ph.D. candidate to start on 1st November 2022 (negotiable) in the Coding Theory and Cryptology group at Eindhoven Technical University (TU/e).

Possible topics fall into the field of provable security with a focus on the construction of efficient cryptographic building blocks and protocols, including
-(post-quantum) secure key exchange and messaging protocols and
-efficient digital signatures and public key encryption in realistic security models.

The fully-funded position offers exciting research in a highly international research environment. Candidates from outside of the Netherlands can be eligible for an additional tax reduction scheme.

Requirements:
-a Master's degree (or equivalent) with excellent grades in computer science, mathematics, or IT security.
-strong mathematical and/or algorithmic/theoretical CS background.
-good knowledge of cryptography and provable security.
-good written and verbal communication skills in English (Dutch is not required).

TU/e embraces diversity and inclusion. Therefore, people from all backgrounds are invited to apply, without regard to sex, gender, race, ethnicity, nationality, age, socio-economic status, identity, visible or invisible disability, religion, or sexual orientation.

To apply, prepare a single PDF file that includes a CV with a course list and grades. Applications received until 9th September 2022 receive full consideration. After that, the position is filled as soon as possible.

Applications and questions can be directed at s.schage@tue.nl.

Closing date for applications:

Contact: Sven Schäge

Job Description: A candidate will work in the area of post-quantum cryptography. A candidate will conduct research on analysis of post-quantum cryptography; the emphasis is on quantum analysis on symmetric cipher and PQC. The work requires to carry out some simulations. Applicants are expected to have a PhD degree in Mathematics/Physics/Computer Science and a strong background in quantum algorithm, algebra, linear algebra or algebraic number theory. Preferred candidates are expected to be proficient in Magma software or SAGEMATH software or knowledge on quantum software (eg. Qiskit, etc), a team worker and able to conduct independent research. Interested candidates will kindly include their full CV and transcripts in their applications and send to Dr Chik How Tan, tsltch@nus.edu.sg. Only shortlisted applications will be notified.

Closing date for applications:

Contact: Dr Chik How Tan, tsltch@nus.edu.sg

Responsibilities:

• Conduct research based on state-of-the-art cloud cryptography.
• Enroll in MSc (IT)/PhD (IT) in MMU.
• Publications in indexed journals.

Requirements:

• A relevant degree with good grades.
• Good knowledge in Cryptography, Mathematics, and Cloud Computing will be an added advantage.

Closing date for applications:

Contact: Interested candidates may submit their CV to Swee-Huay Heng (shheng@mmu.edu.my). Only shortlisted candidates will be contacted for interview.

Event date: 7 May to 10 May 2023
Submission deadline: 1 November 2022
Notification: 25 January 2023

Approximate computing techniques are extensively used in computationally intensive applications. Addition architecture being the basic component of computational unit, has received a lot of interest from approximate computing community. Approximate adders are designed with the motivation to reduce area, power and delay of their accurate versions at the cost of bounded loss in accuracy. A major class of approximate adders are implemented using binary logic circuits that operate with a high degree of predictability and speculation. This paper is one of the early attempt to vector model error values that occur in approximate architectures and the inputs fed to them. In this paper, we propose two vectors namely Error Vectors (EVs) and the Input Conditioning Vectors (ICVs) that will form the mathematical foundation of several probabilistic error evaluation methodologies. In other words, the suggested vectors can be used to develop assessment methods to measure the performance of approximate circuits. Our proposed vectors when utilised to analyze approximate circuits, will provide a descriptive idea about (i) chances of error generation and propagation, (ii) the amount of error at specific bit locations and its impact on overall result. This is however not conceivable with existing state-of-the-art methodologies.

Public blockchains are state machines replicated via distributed consensus protocols. Information on blockchains is public by default---marking privacy as one of the key challenges.

We identify two shortcomings of existing approaches to building blockchains for general privacy-preserving applications, namely (1) the reliance on external trust assumptions and (2) the dependency on execution environments (on-chain, off-chain, zero-knowledge, etc.) with heterogeneous programming frameworks.

Towards solving these problems, we propose PESCA---a privacy-enhancing smart contract architecture. PESCA utilizes generic building blocks such as threshold fully-homomorphic encryption (FHE), distributed key generation (DKG), dynamic proactive secrete sharing (DPSS), Byzantine-fault-tolerant (BFT) consensus, and universal succinct non-interactive zero-knowledge proofs (zk-SNARKs).

First, we formalize the problem of replicating state machines augmented with threshold decryption protocols and discuss how existing BFT consensus protocols can be adapted to this setting. We describe how to instantiate a blockchain with a fixed FHE public key and have FHE-encrypted chain states programmatically decrypted via consensus.

Next, we describe a smart-contract framework for engineering privacy-preserving applications, where programs are expressed---in a unified manner---between four types of computation: transparent on-chain, confidential (FHE) on-chain, user off-chain, and zero-knowledge off-chain.

Lastly, to showcase the generality and expressiveness of PESCA, we provide two simple application designs for constant function market makers (CFMMs) and first-price sealed-bid auctions (FPSBAs), both with maximal privacy guarantees.

Secure multiparty computation (MPC) is increasingly being used to address privacy issues in various applications. The recent work of Alon et al. (CRYPTO'20) identified the shortcomings of traditional MPC and defined a Friends-and-Foes (FaF) security notion to address the same. We showcase the need for FaF security in real-world applications such as dark pools. This subsequently necessitates designing concretely efficient FaF-secure protocols. Towards this, keeping efficiency at the center stage, we design ring-based FaF-secure MPC protocols in the small-party honest-majority setting. Specifically, we provide (1,1)-FaF secure 5 party computation protocols (5PC) that consider one malicious and one semi-honest corruption and constitutes the optimal setting for attaining honest-majority. At the heart of it lies the multiplication protocol that requires a single round of communication with 8 ring elements (amortized). To facilitate having FaF-secure variants for several applications, we design a variety of building blocks optimized for our FaF setting. The practicality of the designed (1,1)-FaF secure 5PC framework is showcased by benchmarking dark pools. In the process, we also improve the efficiency and security of the dark pool protocols over the existing traditionally secure ones. This improvement is witnessed as a gain of up to $62\times$ in throughput compared to the existing ones. Finally, to demonstrate the versatility of our framework, we also benchmark popular deep neural networks.

Multi-signature (MS) is a special type of public key signature (PKS) in which multiple signers participate cooperatively to generate a signature for a single message. Recently, applications that use an MS scheme to strengthen the security of blockchain wallets or to strengthen the security of blockchain consensus protocols are attracting a lot of attention. In this paper, we propose an efficient two-round MS scheme based on Okamoto signature rather than Schnorr signature. To this end, we first propose a new PKS scheme by modifying the Okamoto signature scheme, and prove the unforgeability of our PKS scheme under the discrete logarithm assumption in the algebraic group model (AGM) and the non-programmable random oracle model (ROM). Next, we propose a two-round MS scheme based on the new PKS scheme and prove the unforgeability of our MS scheme under the discrete logarithm assumption in the AGM and the non-programmable ROM. Our MS scheme is the first one to prove security among two-round MS based on Okamoto signature.

COQCRYPTOLINE is an automatic certified verification tool for cryptographic programs. It is built on OCAML programs extracted from algorithms fully certified in COQ with SS- REFLECT. Similar to other automatic tools, COQCRYPTO- LINE calls external decision procedures during verification. To ensure correctness, all answers from external decision procedures are validated by certified certificate checkers in COQCRYPTOLINE. We evaluate COQCRYPTOLINE on cryp- tographic programs from BITCOIN, BORINGSSL, NSS, and OPENSSL. The first certified verification of the reference implementation for number theoretic transform in the post- quantum key exchange mechanism KYBER is also reported.

Owner-centric control is a widely adopted method for easing owners' concerns over data abuses and motivating them to share their data out to gain collective knowledge. However, while many control enforcement techniques have been proposed, privacy threats due to the metadata leakage therein are largely neglected in existing works. Unfortunately, a sophisticated attacker can infer very sensitive information based on either owners' data control policies or their analytic task participation histories (e.g., participating in a mental illness or cancer study can reveal their health conditions). To address this problem, we introduce $\textsf{Vizard}$, a metadata-hiding analytic system that enables privacy-hardened and enforceable control for owners. $\textsf{Vizard}$ is built with a tailored suite of lightweight cryptographic tools and designs that help us efficiently handle analytic queries over encrypted data streams coming in real-time (like heart rates). We propose extension designs to further enable advanced owner-centric controls (with AND, OR, NOT operators) and provide owners with release control to additionally regulate how the result should be protected before deliveries. We develop a prototype of $\textsf{Vizard}$ that is interfaced with Apache Kafka, and the evaluation results demonstrate the practicality of $\textsf{Vizard}$ for large-scale and metadata-hiding analytics over data streams.

We study the problem of multi-user dynamic searchable symmetric encryption (DMUSSE) where a data owner stores its encrypted documents on an untrusted remote server and wishes to selectively allow multiple users to access them by issuing keyword search queries. Specifically, we consider the case where some of the users may be corrupted and colluding with the server to extract additional information about the dataset (beyond what they have access to). We provide the first formal security definition for the dynamic setting as well as forward and backward privacy definitions. We then propose μSE, the first provably secure DMUSSE scheme and instantiate it in two versions, one based on oblivious data structures and one based on update queues, with different performance trade-offs. Furthermore, we extend μSE to support verifiability of results. To achieve this, users need a secure digest initially computed by the data owner and changed after every update. We efficiently accommodate this, without relying on a trusted third party, by adopting a blockchain-based approach for the digests’ dissemination and deploy our schemes over the permissioned Hyperledger Fabric blockchain. We prototype both versions and experimentally evaluate their practical performance, both as stand-alone systems and running on top of Hyperledger Fabric.

A determined algorithm is presented for solving the rSUM problem for any natural r with a sub-quadratic assessment of time complexity in some cases. In terms of an amount of memory used the obtained algorithm is the nlog^3(n) order. The idea of the obtained algorithm is based not considering integer numbers, but rather k (is a natural) successive bits of these numbers in the binary numeration system. It is shown that if a sum of integer numbers is equal to zero, then the sum of numbers presented by any k successive bits of these numbers must be sufficiently "close" to zero. This makes it possible to discard the numbers, which a fortiori, do not establish the solution.

V. Anashin et al gave criteria for measure-preservation and ergodicity of 1-lipschitz transformations on the ring of p-adic integers. However, issue of describing the ergodic 1-lipschitz transformations on the Cartesian power of the ring of p-adic integers has been opened so far. In this paper we present the resulting solution to this problem. In other words, T-Funtions of several variables are considered.

KEMTLS is a proposal for changing the TLS handshake to authenticate the handshake using long-term key encapsulation mechanism keys instead of signatures, motivated by trade-offs in the characteristics of post-quantum algorithms. Prior proofs of security of KEMTLS and its variant KEMTLS-PDK have been hand-written proofs in the reductionist model under computational assumptions. In this paper, we present computer-verified symbolic analyses of KEMTLS and KEMTLS-PDK using two distinct Tamarin models. In the first analysis, we adapt the detailed Tamarin model of TLS 1.3 by Cremers et al. (ACM CCS 2017), which closely follows the wire-format of the protocol specification, to KEMTLS(-PDK). We show that KEMTLS(-PDK) has equivalent security properties to the main handshake of TLS 1.3 proven in this model. We were able to fully automate this Tamarin proof, compared with the previous TLS 1.3 Tamarin model, which required a big manual proving effort; we also uncovered some inconsistencies in the previous model. In the second analysis, we present a novel Tamarin model of KEMTLS(-PDK), which closely follows the multi-stage key exchange security model from prior pen-and-paper proofs of KEMTLS(-PDK). The second approach is further away from the wire-format of the protocol specification but captures more subtleties in security definitions, like deniability and different levels of forward secrecy; it also identifies some flaws in the security claims from the pen-and-paper proofs. Our positive security results increase the confidence in the design of KEMTLS(-PDK). Moreover, viewing these models side-by-side allows us to comment on the trade-off in symbolic analysis between detail in protocol specification and granularity of security properties.

This brief note introduces a new attack vector applicable to a symbolic computation tool routinely used by cryptographers.

The attack takes advantage of the fact that the very rich user interface allows displaying formulae in invisible color or in font size zero. This allows to render some code portions invisible when opened using the tool.

We implement a classical fault attack thanks to this deceptive mechanism but other cryptographic or non-cryptographic attacks (e.g. formatting the victim's disk or installing rootkits) can be easily conducted using identical techniques.

This underlines the importance of creating malware detection software for symbolic computation tools. Such protections do not exist as of today.

We stress that our observation is not a vulnerability in Mathematica but rather a misuse of the rich possibilities offered by the software.

Quantum copy-protection, introduced by Aaronson (CCC'09), uses the no-cloning principle of quantum mechanics to protect software from being illegally distributed. Constructing copy-protection has been an important problem in quantum cryptography. Since copy-protection is shown to be impossible to achieve in the plain model, we investigate the question of constructing copy-protection for arbitrary classes of unlearnable functions in the random oracle model. We present an impossibility result that rules out a class of copy-protection schemes in the random oracle model assuming the existence of quantum fully homomorphic encryption and quantum hardness of learning with errors. En route, we prove the impossibility of approximately correct copy-protection in the plain model.

We give the first constructions in the plain model of 1) nonmalleable digital lockers (Canetti and Varia, TCC 2009) and 2) robust fuzzy extractors (Boyen et al., Eurocrypt 2005) that secure sources with entropy below 1/2 of their length. Constructions were previously only known for both primitives assuming random oracles or a common reference string (CRS). Along the way, we define a new primitive called a nonmalleable point function obfuscation with associated data. The associated data is public but protected from all tampering. We use the same paradigm to then extend this to digital lockers. Our constructions achieve nonmalleability over the output point by placing a CRS into the associated data and using an appropriate non-interactive zero-knowledge proof. Tampering is protected against the input point over low-degree polynomials and over any tampering to the output point and associated data. Our constructions achieve virtual black box security. These constructions are then used to create robust fuzzy extractors that can support low-entropy sources in the plain model. By using the geometric structure of a syndrome secure sketch (Dodis et al., SIAM Journal on Computing 2008), the adversary’s tampering function can always be expressed as a low-degree polynomial; thus, the protection provided by the constructed nonmalleable objects suffices.