International Association for Cryptologic Research

IACR News

05 December 2022

Mastooreh Salajegheh, Shashank Agrawal, Maliheh Shirvanian, Mihai Christodorescu, Payman Mohassel
ePrint Report
Today, authentication faces the trade-off of security versus usability. Two-factor authentication, for example, is one way to improve security at the cost of requiring user interaction for every round of authentication. Most 2FA methods are bound to the user's phone and fail if the phone is not available. We propose CoRA, a Collaborative Risk-aware Authentication method that takes advantage of any and many devices that the user owns. CoRA increases security, and preserves usability and privacy by using threshold MACs and by tapping into the knowledge of the devices instead of requiring user knowledge or interaction. Using CoRA, authentication tokens are generated collaboratively by multiple devices owned by the user, and the token is accompanied by a risk factor that indicates the reliability of the token to the authentication server. CoRA relies on a device-centric trust assessment to determine the relative risk factor and on threshold cryptography to ensure no single point of failure. CoRA does not assume any secure element or physical security for the devices. In this paper, we present the architecture and security analysis of CoRA. In an associated user study we discover that 78% of users have at least three devices with them most of the time, and 93% have at least two, suggesting that deploying CoRA multi-factor authentication is practical today.
Chris Monico
ePrint Report
In [1], a novel cryptographic key exchange technique was proposed using the plactic monoid, based on the apparent difficulty of solving division problems in that monoid. Specifically, given elements c, b in the plactic monoid, the problem is to find q for which qb = c, given that such a q exists. In this paper, we introduce a metric on the plactic monoid and use it to give a probabilistic algorithm for solving that problem which is fast for parameter values in the range of interest.
Sourav Das, Zhuolun Xiang, Ling Ren
ePrint Report
The $q$-Strong Diffie-Hellman ($q$-SDH) parameters are foundational to efficient constructions of many cryptographic primitives such as zero-knowledge succinct non-interactive argument of knowledge, polynomial/vector commitments, verifiable secret sharing, and randomness beacon. The only existing method to generate these parameters securely is highly sequential, requires strong network synchrony assumptions, and has very high communication and computation cost. For example, to generate parameters for any given $q$, each party incurs a communication cost of $\Omega(nq)$ and requires $\Omega(n)$ rounds. Here $n$ is the number of parties in the secure multiparty computation protocol. Since $q$ is typically large, i.e., on the order of billions, the cost is highly prohibitive.

In this paper, we present Tauron, a distributed protocol to generate $q$-SDH parameters in an asynchronous network. In a network of $n$ parties, Tauron tolerates up to one-third of malicious parties. Each party incurs a communication cost of $O(q + n^2\log q)$ and the protocol finishes in $O(\log q + \log n)$ expected rounds. We provide a rigorous security analysis of our protocol. We implement Tauron and evaluate it with up to 128 geographically distributed parties. Our evaluation illustrates that Tauron is highly scalable and results in a 2-6$\times$ better runtime and 4-13$\times$ better per-party bandwidth usage.
Kyoto, Japan, 19 June - 22 June 2023
Event Calendar
Event date: 19 June to 22 June 2023
Submission deadline: 15 March 2023
Notification: 19 April 2023
Melbourne, Australia, 10 July 2023
Event Calendar
Event date: 10 July 2023
Submission deadline: 30 January 2023
Notification: 15 March 2023
Mysten Labs
Job Posting
Mysten Labs believes that decentralized and open protocols are the bedrock of the internet of value. This is why at Mysten Labs, we are creating foundational infrastructure to accelerate the adoption of decentralized protocols based on blockchain technologies. Research internships at Mysten Labs provide a dynamic environment for research careers along with a number of industry-leading scientists and engineers. Our researchers and engineers pursue innovation in a range of scientific and technical disciplines to help solve complex challenges across the whole stack, from networking and systems to cryptography and consensus protocols. We are searching for Ph.D. students with a strong research background and an interest in blockchain technology. Some areas of research interest are distributed and concurrent systems, cryptography, security, distributed computing, incentives, and mechanism design. Research internships are available in all areas of research and are offered year-round, though they will begin in the summer of 2023.

What You'll Do:
  • Pursue applied and fundamental research
  • Work with the engineering team on technical research problems
  • Contribute to academic publications and blog posts

Our Ideal Candidate Will Have:
  • Enrolled in a Ph.D. program in Computer Science, or related technical field.
  • Understanding of theoretical and practical aspects of secure distributed systems and/or cryptography.
  • Passionate to participate in the next generation of Web3 technology
  • Experienced technical writer and familiar with publishing in peer-reviewed conferences and journals.

Closing date for applications:

Contact: Andrew St.Germain

More information: https://jobs.ashbyhq.com/mystenlabs/68644b6d-879b-4573-9310-29b2aba114f1

Mysten Labs
Job Posting
Mysten Labs believes that decentralized and open protocols are the bedrock of the internet of value. This is why at Mysten Labs, we are creating foundational infrastructure to accelerate the adoption of decentralized protocols based on blockchain technologies. Research internships at Mysten Labs provide a dynamic environment for research careers along with a number of industry-leading scientists and engineers. Our researchers and engineers pursue innovation in a range of scientific and technical disciplines to help solve complex challenges across the whole stack, from networking and systems to cryptography and consensus protocols. We are searching for Ph.D. students with a strong research background and an interest in blockchain technology. Some areas of research interest are distributed and concurrent systems, cryptography, security, distributed computing, incentives, and mechanism design. Research internships are available in all areas of research and are offered year-round, though they will begin in the summer of 2023.

What You'll Do:
  • Pursue applied and fundamental research
  • Work with the engineering team on technical research problems
  • Contribute to academic publications and blog posts

Our Ideal Candidate Will Have:
  • Enrolled in a Ph.D. program in Computer Science, or related technical field.
  • Understanding of theoretical and practical aspects of secure distributed systems and/or cryptography.
  • Passionate to participate in the next generation of Web3 technology
  • Experienced technical writer and familiar with publishing in peer-reviewed conferences and journals.

Closing date for applications:

Contact: Andrew St.Germain

More information: https://jobs.ashbyhq.com/mystenlabs/03e125fe-8f64-4da6-8b2d-267eb4398775

Aztec
Job Posting
Role focus
  • Research techniques to improve both the constant and asymptotic performance of our cryptographic protocols
  • Perform literature reviews to identify new developments that could improve the Prover/Verifier efficiency of our cryptographic protocols (or replace them entirely)
  • Develop security proofs for our ZK-SNARK circuit architectures
  • Liaise with our applied cryptographers to assist them with implementing our cryptographic protocols in software

Required experience
  • PhD-level qualification in cryptography or a related field
  • 4+ combined years of experience in post-PhD cryptographic research in academia and/or industry
  • Lead author in one or more papers in the field of zero-knowledge cryptography
  • Familiarity with algorithms, data structures and basic programming concepts
  • Ability to read and understand software implementations of cryptographic protocols written in C++
  • A penchant for clear and comprehensive documentation
  • Able to provide clear and constructive feedback for more junior cryptographers / applied cryptographers, mentoring where necessary
  • A passion for blockchain, its potential, and what we’re trying to achieve.

Closing date for applications:

Contact: Travis

More information: https://boards.eu.greenhouse.io/aztec/jobs/4098527101

Technical University of Darmstadt, Germany
Job Posting

The Cryptography and Privacy Engineering Group (ENCRYPTO) @Department of Computer Science @Technical University of Darmstadt offers a full position for a Postdoctoral Researcher in Cryptography & Privacy Engineering, available immediately and initially until 31.1.2025.

Our mission is to demonstrate that privacy can be efficiently protected in real-world applications via cryptographic protocols.

TU Darmstadt is a top research university for IT security, cryptography and computer science in Europe. The position is based in the City of Science Darmstadt, which is very international, livable and well-connected in the Rhine-Main area around Frankfurt. Knowledge of German is helpful, but not required, and TU Darmstadt offers a Welcome Center and language courses.

Job description

As postdoc @ENCRYPTO, you conduct research, build prototype implementations, and publish and present the results at top venues. You are involved in project management, teaching, co-advise PhD students and supervise thesis students & student research assistants. The position is co-funded by the ERC Starting Grant “Privacy-preserving Services on the Internet” (PSOTI), where we build privacy-preserving services on the Internet, which includes designing protocols for privately processing data among untrusted service providers using secure multi-party computation and implementing a scalable framework.

Your profile
  • Completed PhD degree (or equivalent) at a top university in IT security, computer science, applied mathematics, electrical engineering, or a similar area
  • Publications at top venues (CORE rank A*/A) for IT security/applied cryptography (e.g., EUROCRYPT, S&P, CCS, NDSS, USENIX SEC), ideally on cryptographic protocols and secure computation
  • Experience in software development, project management and supervising students
  • Self-motivated, reliable, creative, can work in a team, and want to do excellent research on challenging scientific problems with practical relevance
  • The working language at ENCRYPTO is English, so you must be able to discuss/write/present scientific results in English.

Closing date for applications:

Contact: Thomas Schneider (application@encrypto.cs.tu-darmstadt.de)

More information: https://encrypto.de/POSTDOC

University of St.Gallen, Switzerland
Job Posting
Would you like to work in the 2nd most happy country in the world? We are offering several fully funded PhD and PostDoc opportunities in St.Gallen and can offer you one of Europe's most attractive working conditions. Living in Switzerland you can enjoy a high quality of life, a great international environment and an amazing public transport infrastructure allowing you easy access to many interesting European cities.

For more information about the open positions, please visit our job links. Please also apply via these links.
PhD:
https://jobs.unisg.ch/offene-stellen/funded-phd-student-in-applied-cryptography-privacy-preserving-biometric-authentication-m-f-d/e7a9e90b-02cd-45d0-ad4f-fc02131eaf86
PostDoc:
https://jobs.unisg.ch/offene-stellen/postdoc-fellow-in-cryptography-information-security-m-f-d/c35410fb-40bb-41f2-b298-8be150d8f9b6

If you are interested in a slightly different topic for your PhD than listed in the job ad, please check out our research areas and state your research proposal in your motivation letter when applying for the job. We are happy to receive your application via the same job link as above.

Our group web page:
https://cybersecurity.unisg.ch

Closing date for applications:

Contact:
Eriane Breu, eriane.breu@unisg.ch (Administrative matters)
Prof. Katerina Mitrokotsa, katerina.mitrokotsa@unisg.ch (Research related questions)

More information: https://jobs.unisg.ch/offene-stellen/funded-phd-student-in-applied-cryptography-privacy-preserving-biometric-authentication-m-f-d/e7a9e90b-02cd-45d0-ad4f-fc02131eaf86


03 December 2022

Deepak Maram, Mahimna Kelkar, Ittay Eyal
ePrint Report
Authentication is the first, crucial step in securing digital assets like cryptocurrencies and online services like banking and social networks. It relies on principals maintaining exclusive access to credentials like cryptographic signing keys, passwords, and physical devices. But both individuals and organizations struggle to manage their credentials, resulting in loss of assets and identity theft. Multi-factor authentication improves security, but its analysis and design are mostly limited to one-shot mechanisms, which decide immediately.

In this work, we study mechanisms with back-and-forth interaction with the principals. For example, a user receives an email notification about sending money from her bank account and is given a period of time to abort the operation.

We formally define the authentication problem, where an authentication mechanism interacts with a user and an attacker and tries to identify the user. A mechanism's success depends on the scenario: whether the user and the attacker know the different credentials; each credential can be safe, lost, leaked, or stolen. The profile of a mechanism is the set of all scenarios in which it succeeds. Thus, we have a partial order on mechanisms, defined by the subset relation on their profiles.

We find an upper bound on the profile size and discover three types of $n$-credential mechanisms (for any $n$) that are maximally secure, meeting this bound. We show these are all the unique maximal mechanisms for $n \le 3$.

We show the efficacy of our model by analyzing existing mechanisms, both theoretical and deployed in widely-used systems, and make concrete improvement proposals. We demonstrate the practicality of our mechanisms by implementing a maximally-secure cryptocurrency wallet.
Prasanna Ravi, Shivam Bhasin, Anupam Chattopadhyay, Aikata Aikata, Sujoy Sinha Roy
ePrint Report
Post-quantum Cryptography (PQC) has reached the verge of standardization competition, with Kyber as a winning candidate. In this work, we demonstrate practical backdoor insertion in Kyber through kleptography. The backdoor can be inserted using classical techniques like ECDH or post-quantum Classic McEliece. The inserted backdoor targets the key generation procedure, where generated output public keys subliminally leak information about the secret key to the owner of the backdoor. We demonstrate the first practical instantiations of such an attack at the protocol level by validating it on TLS 1.3.
Julia Len, Paul Grubbs, Thomas Ristenpart
ePrint Report
Authenticated encryption with associated data (AEAD) forms the core of much of symmetric cryptography, yet the standard techniques for modeling AEAD assume recipients have no ambiguity about what secret key to use for decryption. This is divorced from what occurs in practice, such as in key management services, where a message recipient can store numerous keys and must identify the correct key before decrypting. To date there has been no formal investigation of their security properties or efficacy, and the ad hoc solutions for identifying the intended key deployed in practice can be inefficient and, in some cases, vulnerable to practical attacks.

We provide the first formalization of nonce-based AEAD that supports key identification (AEAD-KI). Decryption now takes in a vector of secret keys and a ciphertext and must both identify the correct secret key and decrypt the ciphertext. We provide new formal security definitions, including new key robustness definitions and indistinguishability security notions. Finally, we show several different approaches for AEAD-KI and prove their security.
Srinivas Vivek, Shyam Murthy, Deepak Kumaraswamy
ePrint Report
We investigate the problem of recovering integer inputs (up to an affine scaling) when given only the integer monotonic polynomial outputs. Given $n$ integer outputs of a degree-$d$ integer monotonic polynomial whose coefficients and inputs are integers within known bounds and $n \gg d$, we give an algorithm to recover the polynomial and the integer inputs (up to an affine scaling). A heuristic expected time complexity analysis of our method shows that it is exponential in the size of the degree of the polynomial but polynomial in the size of the polynomial coefficients. We conduct experiments with real-world data as well as randomly chosen parameters and demonstrate the effectiveness of our algorithm over a wide range of parameters.

Using only the polynomial evaluations at specific integer points, the apparent hardness of recovering the input data served as the basis of security of a recent protocol proposed by Kesarwani et al. for secure $k$-nearest neighbour computation on encrypted data that involved secure sorting. The protocol uses the outputs of a randomly chosen monotonic integer polynomial to hide its inputs, revealing only the ordering of the input data. Using our integer polynomial recovery algorithm, we show that we can recover the polynomial and the inputs within a few seconds, thereby demonstrating an attack on the protocol of Kesarwani et al.

02 December 2022

Haibin Zhang, Sisi Duan, Chao Liu, Boxin Zhao, Xuanji Meng, Shengli Liu, Yong Yu, Fangguo Zhang, Liehuang Zhu
ePrint Report
Distributed key generation (DKG) allows bootstrapping threshold cryptosystems without relying on a trusted party, nowadays enabling fully decentralized applications in blockchains and multiparty computation (MPC). While we have recently seen new advancements for asynchronous DKG (ADKG) protocols, their performance remains the bottleneck for many applications, with only one protocol being implemented (DYX+ ADKG, IEEE S&P 2022). DYX+ ADKG relies on the Decisional Composite Residuosity assumption (expensive to instantiate) and the Decisional Diffie-Hellman assumption, incurring a high latency (more than 100s with a failure threshold of 16). Moreover, the security of DYX+ ADKG is based on the random oracle model (ROM), which treats the hash function as an ideal function; assuming the existence of a random oracle is a strong assumption, and up to now we cannot find any theoretically-sound implementation. Furthermore, the ADKG protocol needs a public key infrastructure (PKI) to support the trustworthiness of public keys. The strong models (ROM and PKI) further limit the applicability of DYX+ ADKG, as they would add extra and strong assumptions to the underlying threshold cryptosystems. For instance, if the original threshold cryptosystem works in the standard model, then the system using DYX+ ADKG would need to use ROM and PKI.

In this paper, we design and implement a modular ADKG protocol that offers improved efficiency and stronger security guarantees. We explore a novel and much more direct reduction from ADKG to the underlying blocks, reducing both the computational overhead and communication rounds of ADKG in the normal case. Our protocol works for both the low-threshold and high-threshold scenarios, being secure under the standard assumption (the well-established discrete logarithm assumption only) in the standard model (no trusted setup, ROM, or PKI).
Thomas Kaeding
ePrint Report
It is an involutory (self-reciprocal) quagmire 4 cipher. Furthermore, it is isomorphic to a Beaufort. Explicit keys and transformations are provided.
Georg Fuchsbauer, Mathias Wolf
ePrint Report
Many applications of blind signatures, such as those for blockchains, require the resulting signatures to be compatible with the existing system. This makes schemes that produce Schnorr signatures, which are now supported by major cryptocurrencies, including Bitcoin, desirable. Unfortunately, the existing blind-signing protocol has been shown insecure when users can open signing sessions concurrently (Eurocrypt'21). On the other hand, only allowing sequential sessions opens the door to denial-of-service attacks.

We present the first concurrently secure blind-signing protocol for Schnorr signatures, using the standard primitives NIZK and PKE and assuming that Schnorr signatures themselves are unforgeable. We cast our scheme as a generalization of blind and partially blind signatures. We formally define the notion of predicate blind signatures, in which the signer can define a predicate that the blindly signed message must satisfy.
Asmita Adhikary, Ileana Buhan
ePrint Report
Fault injection attacks have caused implementations to behave unexpectedly, leading to the extraction of cryptographic keys and the spectacular bypass of security features. Understandably, developers want to ensure the robustness of the software against faults and eliminate during production weaknesses that could lead to exploitation. Several open-source fault simulation tools have recently been released to the public, promising cost-effective fault evaluations. In this paper, we set out to discover how suitable such tools are for a developer who wishes to create robust software. The four fault simulation tools available to us employ different techniques to navigate faults and present varying difficulty levels to the user. We objectively compare the available open-source tools and discuss their benefits and drawbacks.
Alberto Pedrouzo-Ulloa, Aymen Boudguiga, Olive Chakraborty, Renaud Sirdey, Oana Stan, Martin Zuber
ePrint Report
In this work, we introduce a lightweight communication-efficient multi-key approach suitable for the Federated Averaging rule. By combining secret-key RLWE-based HE, additive secret sharing and PRFs, we reduce approximately by a half the communication cost per party when compared to the usual public-key instantiations, while keeping practical homomorphic aggregation performances. Additionally, for LWE-based instantiations, our approach reduces the communication cost per party from quadratic to linear in terms of the lattice dimension.
Jose Contreras, Hardik Gajera
ePrint Report
The biometric system has become the desired alternative to a knowledge-based authentication system. An authentication system does not provide uniqueness, as a single user can create multiple registrations with different identities for authentication. Biometric authentication identifies users based on physical traits (fingerprint, iris, face, voice), which allows the system to detect multiple authentications from the same user. The biometric templates must be encrypted or hidden to preserve users' privacy. Moreover, we need a system to perform the matching process over encrypted data without decrypting templates to preserve the users' privacy. For the Euclidean distance-based matching process, centralized server-based authentication leads to possible privacy violations of biometric templates, since the power of computing the inner product value over any two encrypted templates allows the server to retrieve the plain biometric template by computing a few inner products. To prevent this, we considered a decentralized system called collective authority, which is a part of a public network. The collective authority computes the collective public key with contributions from all nodes in the collective authority. It also performs a matching process over encrypted biometric templates in a decentralized manner where each node performs partial matching. Then the leader of the collective authority combines it to get the final value. We further provide a lattice-based verification system for each operation. Every time a node performs some computations, it needs to provide proof of the correctness of the computation, which is publicly verifiable. We finally make the system dynamic using Shamir's secret sharing scheme. In the dynamic collective authority, only $k$ nodes out of the total $n$ nodes are required to perform the matching process. We further show that the security of the proposed system relies on the security of the underlying encryption scheme and the secret sharing scheme.