International Association for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage.

18 September 2022

Bol, Croatia, 1 May - 5 May 2023
Event Calendar
Event date: 1 May to 5 May 2023
Submission deadline: 19 October 2022
Notification: 19 January 2023

SUTD, Singapore
Job Posting
iTrust is a Cyber Security Research Center in SUTD and a National Satellite of Excellence in Singapore for securing critical infrastructure. iTrust hosts the world-class cyber-physical system (CPS) testbeds for water treatment (SWaT), water distribution (WADI) and power grid (EPIC). iTrust will build a new maritime testbed of shipboard OT systems (MariOT) for cybersecurity research, education, training, live-fire exercise, and technology validation.

We are looking for postdocs / research fellows with expertise in cybersecurity in general and CPS security, applied cryptography, or applied ML in particular. The candidates should have a track record of strong R&D capability, with publications at leading security conferences (http://jianying.space/conference-ranking.html).

We are also looking for research assistants / software engineers with strong programming skills and good knowledge of cybersecurity, computer networks and applied ML.

Only **short-listed** candidates will be contacted for an interview. Successful candidates will be offered internationally competitive remuneration.

Interested candidates, please send your CV to Prof. Jianying Zhou.

Closing date for applications:

Contact: Prof. Jianying Zhou (Email: jianying_zhou@sutd.edu.sg)

More information: http://jianying.space/

Input Output Global - remote work opportunity
Job Posting
Description

IO Global is searching for a Cryptographic Engineer to join their Core Technology team. As Cryptographic Engineer you will have the exciting challenge of working on cutting-edge research and technology focusing on the market’s needs. You will be working with the Cardano-related projects, such as Cardano Core Cryptographic Primitives, Hydra, Mithril or Sidechains.

The Cryptography Engineering team is growing with the goal of bringing recent academic papers into production. In this team, you will work closely with researchers and engineers, being the bridge between both teams. As Cryptography Engineer you are responsible for writing high-quality code. To support you, our products have software architects, product managers, project managers, formal methods specialists, and QA test engineers, with whom you must communicate professionally, effectively, and efficiently.

Your mission

  • Working with teams across time zones
  • Working independently on software development tasks
  • Being proactive and requiring minimal supervision or mentoring to complete tasks
  • Reviewing specifications produced by architects and formal methods specialists
  • Contributing to the design of algorithms
  • Troubleshooting, debugging, and upgrading software
  • Writing documentation for the code
  • Writing technical user manuals
  • Understanding complex cryptographic concepts from academic papers
  • Bridging ideas from academic papers to production-ready systems.

Requirements

Your expertise

  • Degree in computer science or mathematics is desirable, but not essential.
  • Experience with systems programming (C/C++/Rust)
  • Skilled in software development methods such as agile programming and test-driven development
  • Experience in developing cryptography protocols would be a bonus, as would blockchain experience.

Location

IOG is a fully distributed organization and therefore this is a remote position. Due to team distribution we are ideally searching for someone in a European time zone.

Closing date for applications:

Contact: marios.nicolaides@iohk.io

More information: https://apply.workable.com/io-global/j/1B3EF63104/

Technology Innovation Institute (TII) - Abu Dhabi, UAE
Job Posting

Technology Innovation Institute (TII) is a publicly funded research institute, based in Abu Dhabi, United Arab Emirates. It is home to a diverse community of leading scientists, engineers, mathematicians, and researchers from across the globe, transforming problems and roadblocks into pioneering research and technology prototypes that help move society ahead.

Cryptography Research Center

In our connected digital world, secure and reliable cryptography is the foundation of digital information security and data integrity. We address the world’s most pressing cryptographic questions. Our work covers post-quantum cryptography, lightweight cryptography, cloud encryption schemes, secure protocols, quantum cryptographic technologies and cryptanalysis.

Position: Cryptography Hardware Engineer

  • Designing, implementing and verifying/validating cryptographic hardware cores for FPGAs and/or ASICs
  • Participating in cutting-edge research projects

Skills required for the job

  • Experience with architecture and design of hardware cryptographic accelerators
  • Strong knowledge of RTL coding, logic design principles along with timing and power implications
  • Good understanding of a wide range of (synchronous/asynchronous) digital and/or analog circuit design techniques
  • Hands-on experience with state-of-the-art CAD tools (for FPGAs and/or ASICs)
  • Experience with advanced CMOS designs - (nice to have)
  • Knowledge of Verification techniques like Tcl scripts, makefile testing, Cosimulation (UVM flow good to have) - (nice to have)
  • Understanding of implementation attacks (e.g., side-channel analysis and/or fault injection) and the corresponding countermeasures - (nice to have)
  • Proven experience (i.e., papers and/or patents) doing academic and/or industrial research

Qualifications

  • PhD degree in hardware/cryptography engineering (preferred) or BS/MS degree in electrical/electronic/computer engineering or 5+ years of relevant experience in the industry

Closing date for applications:

Contact: Mehdi Messaoudi - Talent Acquisition Manager
mehdi.messaoudi@tii.ae

16 September 2022

Benoît Libert, Ky Nguyen, Alain Passelègue
ePrint Report
Chakraborty, Prabhakaran, and Wichs (PKC'20) recently introduced a new tag-based variant of lossy trapdoor functions, termed cumulatively all-lossy-but-one trapdoor functions (CALBO-TDFs). Informally, CALBO-TDFs allow defining a public tag-based function with a (computationally hidden) special tag, such that the function is lossy for all tags except when the special secret tag is used. In the latter case, the function becomes injective and efficiently invertible using a secret trapdoor. This notion has been used to obtain advanced constructions of signatures with strong guarantees against leakage and tampering, and also by Dodis, Vaikuntanathan, and Wichs (EUROCRYPT'20) to obtain constructions of randomness extractors with extractor-dependent sources. While these applications are motivated by practical considerations, the only known instantiation of CALBO-TDFs so far relies on the existence of indistinguishability obfuscation.

In this paper, we propose the first two instantiations of CALBO-TDFs based on standard assumptions. Our constructions are based on the LWE assumption with a sub-exponential approximation factor and on the DCR assumption, respectively, and circumvent the use of indistinguishability obfuscation by relying on lossy modes and trapdoor mechanisms enabled by these assumptions.

Federico Canale, Tim Güneysu, Gregor Leander, Jan Thoma, Yosuke Todo, Rei Ueno
ePrint Report
Randomized cache architectures have proven to significantly increase the complexity of contention-based cache side channel attacks and therefore present an important building block for side channel secure microarchitectures. By randomizing the address-to-cache-index mapping, attackers can no longer trivially construct minimal eviction sets, which are fundamental for contention-based cache attacks. At the same time, randomized caches maintain the flexibility of traditional caches, making them broadly applicable across various CPU types. This is a major advantage over cache partitioning approaches.

A large variety of randomized cache architectures has been proposed. However, the actual randomization function has received little attention and is often neglected in these proposals. Since the randomization operates directly on the critical path of the cache lookup, the function needs to have extremely low latency. At the same time, attackers must not be able to bypass the randomization, which would nullify the security benefit of the randomized mapping. In this paper we propose SCARF (Secure CAche Randomization Function), the first dedicated cache randomization cipher which achieves low latency and is cryptographically secure in the cache attacker model. The design methodology for this dedicated cache cipher enters new territory in the field of block ciphers with a small 10-bit block length and heavy key-dependency in few rounds.
George Lu, Brent Waters
ePrint Report
The random oracle methodology is central to the design of many practical cryptosystems. A common challenge faced in several systems is the need to have a random oracle that outputs from a structured distribution $\mathcal{D}$, even though most heuristic implementations such as SHA-3 are best suited for outputting bitstrings.

Our work explores the problem of sampling from discrete Gaussian (and related) distributions in a manner that allows them to be programmed into random oracles. We make the following contributions:

- We provide a definitional framework for our results. We say that a sampling algorithm $\mathsf{Sample}$ for a distribution is explainable if there exists an algorithm $\mathsf{Explain}$ where, for an $x$ in the domain, we have that $\mathsf{Explain}(x) \rightarrow r \in \{0,1\}^n$ such that $\mathsf{Sample}(r)=x$. Moreover, if $x$ is sampled from $\mathcal{D}$, the explained distribution is statistically close to choosing $r$ uniformly at random. We consider a variant of this definition that allows the statistical closeness to be a "precision parameter" given to the $\mathsf{Explain}$ algorithm. We show that sampling algorithms which satisfy our "explainability" property can be programmed as a random oracle.

- We provide a simple algorithm for explaining \emph{any} sampling algorithm that works over distributions with polynomial-sized ranges. This includes discrete Gaussians with small standard deviations.

- We show how to transform a (not necessarily explainable) sampling algorithm $\mathsf{Sample}$ for a distribution into a new $\mathsf{Sample}'$ that is explainable. The requirements for doing this are that (1) the probability density function is efficiently computable and (2) it is possible to efficiently uniformly sample from all elements that have a probability density above a given threshold $p$, showing the equivalence of random oracles to these distributions and random oracles to uniform bitstrings. This includes a large class of distributions, including all discrete Gaussians.

- A potential drawback of the previous approach is that the transformation requires an additional computation of the density function. We provide a more customized approach that shows the Micciancio-Walter discrete Gaussian sampler is explainable as is. This suggests that other discrete Gaussian samplers in a similar vein might also be explainable as is.

Hao Guo, Jintai Ding
ePrint Report
We give algebraic relations among the equations of three algebraic modelings for the MinRank problem: support minors modeling, Kipnis–Shamir modeling and minors modeling.
Protocol Labs, Remote
Job Posting
Lurk is an in-development, Turing-complete programming language for recursive zk-SNARKs. It is a statically scoped dialect of Lisp, implemented in Rust to support evaluation, proving, and verification in zero-knowledge. Since Lurk is Turing-complete, it can be used (within resource limits) to make and prove arbitrary computational claims without the constraints of traditional fixed-circuit SNARKs. A Rust Cryptography Engineer for Lurk will help drive the development of the Lurk programming language. The ideal candidate for this job will have deep knowledge of zero-knowledge cryptography and experience writing zk-proofs or zk-proof adjacent software in Rust. You can learn more about Lurk at https://github.com/lurk-lang and the Rust implementation at https://github.com/lurk-lang/lurk-rs.

Closing date for applications:

Contact: Luke Sandquist

More information: https://boards.greenhouse.io/protocollabs/jobs/4616824004
UNSW, Sydney, Australia
Job Posting
We have two PhD positions in Post Quantum Cryptography at UNSW, Sydney, funded by the Sydney Quantum Academy (SQA).

1. Post Quantum Cryptography for Blockchains
2. Towards a Quantum-Safe Internet

The scholarships are for a maximum period of 4 years.

Prospective students are expected to have a strong mathematical inclination and a strong background in data structures, discrete mathematics and algorithms. Candidates with knowledge of cryptography (such as completion of an undergraduate/graduate course or research project) will be preferred.

Open to students who have completed a bachelor's degree or a master's degree in Computer Science, Mathematics or a related discipline. Candidates in their final year of study are welcome to apply.

SQA Deadline: September 26, 2022.
UNSW Deadline: September 30, 2022.

Closing date for applications:

Contact: Please contact Dr. Sushmita Ruj (Email: Sushmita.ruj@unsw.edu.au) with your CV and transcripts if you are interested.

More information: https://www.sydneyquantum.org/program/sqa-phd-scholarships/
Sorbonne Université, Paris, France
Job Posting
Topic: Remote attack on a quantum key distribution system.

Modern-era cryptography is threatened by recent developments in quantum computing. One way of mitigating this threat is quantum cryptography, or more specifically the quantum key distribution (QKD) protocol. A QKD system consists of hardware to create and transport quantum states, as well as software to interface the quantum hardware with classical communication infrastructure. Literature on attacks is still limited in this field. Examples are Makarov et al., Nature Photon. 2010 and Alléaume et al., Phys. Rev. A 2016. These works mainly concern physical vulnerabilities of the hardware, hence they require gaining physical access to the network in order to perform the attack. With the objective of certification and standardisation of future QKD systems, the whole spectrum of vulnerabilities must be studied, including remote attacks. This post-doc offer aims at finding attacks on a QKD system without physical access to the hardware, as well as suggesting countermeasures. In the target attack scenario, the attacker has no physical access to the hardware, but can leave third-party software on one of the machines of the QKD system. How the attacker gains access to the machine to drop the software file is out of scope. The objective of this work is to make the third-party software modify the behaviour of the physical systems in order to cause a leak of sensitive information or a denial of service. Fully software-oriented attacks, such as memory scraping or random generation weakening, are thus excluded from this work. An example of an acceptable attack would be a modification of the clock by the third-party software, see Jouguet et al., Phys. Rev. A 2020 (the difference being that the clock modification is caused by software instead of hardware). Another possibility would be to change the physical parameters of the QKD system, e.g. by using the API of the pilot component of the system.

The post-doc will focus on a specific operational QKD system. Ideal profile: PhD in quantum physics with an interest in computer security, or the opposite. Useful skills: cryptography; reverse engineering; software development.

Closing date for applications:

Contact: Eleni Diamanti, Laboratoire d'Informatique de Sorbonne Université (LIP6)
Inria of the University of Rennes
Job Posting
Private and Secure Computation on Personal Data

The recruited postdoctoral researcher is expected to work on the design of a distributed data vault that can (i) store personal data while keeping it safe from third parties, (ii) support computation on encrypted or otherwise protected personal data to obtain aggregate statistics while respecting the privacy of the individual data items, and (iii) provide means to remunerate users that enable computation on their personal data. In particular, we aim to address this challenge by relying on a Byzantine-fault-tolerant [1,2] decentralized storage platform that can store data reliably in encrypted form. We plan to combine techniques like multiparty computation [3] and homomorphic encryption [4] with technologies like trusted execution environments [5] to enable computation on such encrypted data. This will allow us to address a variety of use cases, such as decentralized [6] and federated machine learning algorithms [7]. The system should also keep track of the usage of personal data to support remuneration schemes. To this end, we plan to leverage our recent theoretical work on lightweight distributed ledgers [8, 9]. The postdoctoral researcher will contribute by performing original research on these topics, and will also participate in the supervision of Master's and PhD students. In doing so, he or she will collaborate with Davide Frey and other members of the WIDE team, as well as with international partners within the SOTERIA project and other related projects. Although teaching is not a requirement, the candidate can also choose to teach relevant courses at the University of Rennes 1 and affiliated institutions.

Closing date for applications:

Contact: Davide Frey

More information: https://recrutement.inria.fr/public/classic/fr/offres/2022-05366
QuSoft / University of Amsterdam
Job Posting

The Theory of Computer Science (TCS) group at the Informatics Institute (IvI) of the University of Amsterdam (UvA) is looking for an excellent candidate for a fully funded PhD position as part of QSI (Quantum-Safe Internet), a Marie Curie Innovative Training Network (MSCA-ITN). The QSI network involves top-ranking partner universities from France, Italy, Germany, the Netherlands, Denmark, Spain, the UK, and Switzerland, as well as industrial partners.

You will conduct research at the intersection of quantum and post-quantum cryptography and publish/present the results at top venues for research in crypto/IT security. You will be supervised by Prof. Christian Schaffner and Dr. Florian Speelman.

We are looking for a candidate with:
• an MSc in computer science, mathematics, or a related field;
• strong academic performance in university-level courses related to cryptography, IT security, theoretical CS, or mathematics;
• professional command of English and good presentation skills;
• compliance with the MSCA-ITN mobility rule: you must not have resided or carried out your main activity (work, studies, etc.) in the Netherlands for more than 12 months in the 36 months immediately before your recruitment date.
Familiarity with provable security and/or a strong mathematical background are a plus.

We offer:
• Full-time employment for the duration of the PhD
• A well-rounded training offered by the QSI network, covering a range of topics related to secure communications in the quantum era, as well as complementary training intended to enhance your personal development.
• A generous travel budget that allows for, e.g., exposure to different sectors via planned placements and attendance at summer schools.

Closing date for applications:

Contact: Prof. Christian Schaffner

More information: https://vacatures.uva.nl/UvA/job/PhD-Quantum-Cryptography/754463502/
George Mason University
Job Posting
Associate/Full Professor of Cybersecurity and Commonwealth Cyber Initiative Fellow

George Mason University and the Commonwealth Cyber Initiative (CCI), within the College of Engineering and Computing (CEC), invite applications for an Associate/Full Professor of Cybersecurity and Commonwealth Cyber Initiative Fellow position. GMU has a strong institutional commitment to the achievement of excellence and diversity among its faculty and staff, and strongly encourages candidates to apply who will enrich Mason's academic and culturally inclusive environment.

About the Position:

The incumbent will conduct research at GMU and as part of the Northern Virginia Node of the Commonwealth Cyber Initiative, and in partnership with researchers from the Coastal Node of the Commonwealth Cyber Initiative and Old Dominion University. Successful candidates will have access to the faculty and facilities of both GMU and Old Dominion University to enable their success.

Responsibilities:

  • Serve as the director of the interdisciplinary research effort between GMU, Old Dominion University and the Northern Virginia and Coastal Nodes of the CCI;
  • Leverage university-level strategic priorities in cybersecurity research to lead transformative growth and impact the research portfolio, and to further encourage and foster new and existing collaborations with academic, industrial, and governmental institutions in Northern Virginia, Coastal Virginia and the greater Washington, D.C., area;
  • Accelerate the growth of high-quality academic programs, facilitate interdisciplinary research initiatives, and broaden the scope and focus areas of research at Mason with significant potential for commercialization.

Required Qualifications:

  • Doctorate in CS, ECE, IT, or a related field;
  • Eligible for a tenured appointment as associate or full professor;
  • Outstanding cybersecurity research and publication record;
  • Commitment to excellence in both graduate and undergraduate education;
  • Significant leadership experience;
  • US citizen.

Closing date for applications:

Contact:

More information: https://jobs.chronicle.com/job/37290398/associatefull-professor-of-cybersecurity-and-commonwealth-cyber-initiative-fellow?utm_campaign=google_jobs_apply&utm_source=google_jobs_apply&utm_medium=organic

15 September 2022

Diana Ghinea, Fabian Kaczmarczyck, Jennifer Pullman, Julien Cretin, Stefan Kölbl, Rafael Misoczki, Jean-Michel Picod, Luca Invernizzi, Elie Bursztein
ePrint Report
Recent advances in quantum computing are increasingly jeopardizing the security of cryptosystems currently in widespread use, such as RSA or elliptic-curve signatures. To address this threat, researchers and standardization institutes have accelerated the transition to quantum-resistant cryptosystems, collectively known as Post-Quantum Cryptography (PQC). These PQC schemes present new challenges due to their larger memory and computational footprints and their higher chance of latent vulnerabilities.

In this work, we address these challenges by introducing a scheme to upgrade the digital signatures used by security keys to PQC, focusing on both its theoretical and practical aspects. Specifically, we introduce a hybrid digital signature scheme based on two building blocks: a classically-secure scheme, ECDSA, and a post-quantum secure one, Dilithium. Our hybrid scheme maintains the guarantees of each underlying building block even if the other one is broken, thus being resistant to classical and quantum attacks. Additionally, our hybrid scheme ensures that an adversary cannot derive ECDSA or Dilithium signatures that this authentication protocol considers valid. On the practical side, we experimentally show that our hybrid signature scheme can successfully execute on current security keys, even though secure PQC schemes are known to require substantial resources.

We publish an open-source implementation of our scheme at http://anonymous.4open.science/r/OpenSK-D018/ so that other researchers can reproduce our results on an nRF52840 development kit.
Ehsan Ebrahimi
ePrint Report
We say a public-key encryption scheme is plaintext-extractable in the random oracle model if there exists an algorithm that, given access to all inputs/outputs of the queries to the random oracles, can simulate the decryption oracle. We argue that plaintext-extractability is enough to show the indistinguishability under chosen-ciphertext attack (IND-CCA) of the OAEP+ transform (Shoup, Crypto 2001) when the underlying trapdoor permutation is one-way.

We extend the result to the quantum random oracle model (QROM) and show that OAEP+ is IND-CCA secure in the QROM if the underlying trapdoor permutation is quantum one-way.

Matthew Green, Mathias Hall-Andersen, Eric Hennenfent, Gabriel Kaptchuk, Benjamin Perez, Gijs Van Laer
ePrint Report
We consider the problem of proving in zero-knowledge the existence of vulnerabilities in executables compiled to run on real-world processors. We demonstrate that it is practical to prove knowledge of real exploits for real-world processor architectures without the need for source code and without limiting our consideration to narrow vulnerability classes. To achieve this, we devise a novel circuit compiler and a toolchain that produces highly optimized, non-interactive zero-knowledge proofs for programs executed on the MSP430, an ISA commonly used in embedded hardware. Our toolchain employs a highly optimized circuit compiler and a number of novel optimizations to construct efficient proofs for program binaries. To demonstrate the capability of our system, we test our toolchain by constructing proofs for challenges in the Microcorruption capture-the-flag exercises.
Ali Şah Özcan
ePrint Report
Homomorphic encryption (HE) is a cryptosystem that allows secure processing of encrypted data. One of the most popular HE schemes is Brakerski-Fan-Vercauteren (BFV), which supports somewhat (SWHE) and fully homomorphic encryption (FHE). Since the overly involved arithmetic operations of HE schemes are amenable to concurrent computation, GPU devices can be instrumental in facilitating the practical use of HE in real-world applications thanks to their superior parallel processing capacity.

This paper presents an optimized and highly parallelized GPU library to accelerate the BFV scheme. This library includes state-of-the-art implementations of the Number Theoretic Transform (NTT) and inverse NTT that minimize the GPU kernel function calls. It makes efficient use of the GPU memory hierarchy and computes 128 NTT operations for a ring dimension of $2^{14}$ in only $176.1~\mu s$ on an RTX 3060Ti GPU. To the best of our knowledge, this is the fastest implementation in the literature. The library also improves the performance of the homomorphic operations of the BFV scheme. Although the library can be used independently, it is also fully integrated with the Microsoft SEAL library, which is a well-known HE library that also implements the BFV scheme. For one ciphertext multiplication, for the ring dimension $2^{14}$ and the modulus bit size of $438$, our GPU implementation offers a $\mathbf{63.4}$ times speedup over the SEAL library running on a high-end CPU. The library compares favorably with other state-of-the-art GPU implementations of NTT and the BFV operations. Finally, we implement a privacy-preserving application that classifies encrypted genome data for tumor types and achieve speedups of $42.98$ and $5.7$ over CPU implementations using a single thread and 16 threads, respectively. Our results indicate that GPU implementations can facilitate the deployment of homomorphic cryptographic libraries in real-world privacy-preserving applications.

Wonseok Choi, Hwigyeom Kim, Jooyoung Lee, Yeongmin Lee
ePrint Report
For several decades, constructing pseudorandom functions from pseudorandom permutations, the so-called Luby-Rackoff backward construction, has been a popular cryptographic problem. Two methods are well known and comprehensively studied for this problem: summing two random permutations and truncating partial bits of the output from a random permutation. In this paper, by combining both summation and truncation, we propose new Luby-Rackoff backward constructions, dubbed SaT1 and SaT2, respectively. SaT2 is obtained by partially truncating output bits from the sum of two independent random permutations, and SaT1 is its single-permutation-based variant using domain separation. The distinguishing advantage against SaT1 and SaT2 is upper bounded by $O(\sqrt{\mu q_{\max}}/2^{n-0.5m})$ and $O(\sqrt{\mu}\, q_{\max}^{1.5}/2^{2n-0.5m})$, respectively, in the multi-user setting, where $n$ is the size of the underlying permutation, $m$ is the output size of the construction, $\mu$ is the number of users, and $q_{\max}$ is the maximum number of queries per user. We also prove that the distinguishing advantage against a variant of XORP[3] (studied by Bhattacharya and Nandi at Asiacrypt 2021) using independent permutations, dubbed SoP3-2, is upper bounded by $O(\sqrt{\mu}\, q_{\max}^{2}/2^{2.5n})$. In the multi-user setting with $\mu = O(2^{n-m})$, a truncated random permutation provides only birthday-bound security, while SaT1 and SaT2 are fully secure, i.e., allowing $O(2^n)$ queries for each user. This is the same security level as XORP[3] using three permutation calls, while SaT1 and SaT2 need only two permutation calls.

Juan Garay, Aggelos Kiayias, Yu Shen
ePrint Report
The permissionless clock synchronization problem asks how it is possible for a population of parties to maintain a system-wide synchronized clock, while their participation rate fluctuates --- possibly very widely --- over time. The underlying assumption is that parties experience the passage of time with roughly the same speed, but they may disengage and engage with the protocol following arbitrary (and even adversarially chosen) participation patterns. This (classical) problem has received renewed attention due to the advent of blockchain protocols, and recently it has been solved in the setting of proof of stake, i.e., when parties are assumed to have access to a trusted PKI setup [Badertscher et al., Eurocrypt '21].

In this work, we present the first proof-of-work (PoW)-based permissionless clock synchronization protocol. Our construction assumes a public setup (e.g., a CRS) and relies on an honest majority of computational power that, for the first time, is described in a fine-grained timing model that does not utilize a global clock that exports the current time to all parties. As a secondary result of independent interest, our protocol gives rise to the first PoW-based ledger consensus protocol that does not rely on an external clock for the time-stamping of transactions and adjustment of the PoW difficulty.