IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
15 December 2022
Yuan Tian
ePrint ReportPranav Shriram A, Nishat Koti, Varsha Bhat Kukkala, Arpita Patra, Bhavish Raj Gopal
ePrint ReportThomas Hanson, Qian Wang, Santosh Ghosh, Fernando Virdia, Anne Reinders, Manoj R. Sastry
ePrint ReportStefan Kölbl
ePrint ReportCas Cremers, Alexander Dax, Aurora Naska
ePrint ReportThe SPDM protocol inherits requirements and design ideas from IETF's TLS 1.3. However, its state machines and transcript handling are substantially different and more complex. While architecture, specification, and open-source libraries of the current versions of SPDM are publicly available, these include no significant security analysis of any kind.
In this work we develop the first formal model of the SPDM protocol, notably of the current version 1.2.1, and formally analyze its main security properties.
14 December 2022
Ottawa, Canada, 3 March -
Event CalendarKIT, Institute of Information Security and Dependability (KASTEL), Karlsruhe, Germany
Job PostingYou are part of the KASTEL Security Research Labs and conduct research as part of the Cryptography and Security group of the Institute of Information Security and Dependability. You will conduct independent research in the field of cryptography while also guiding PhD students. In addition, you will perform teaching duties.
Personal qualification:
- You have a university degree (Master or equivalent) in computer science or a directly related field, and have completed an excellent PhD in cryptography.
- In addition, extensive expertise in a specialist subfield, such as
- secure multiparty computation,
- secure computation with trusted hardware, or
- post-quantum cryptography,
- Your research experience is evidenced by excellent publications at recognized international conferences.
- Teaching experience is highly desired.
- Furthermore, an interest in interdisciplinary research is desirable.
- Personally, you are characterized by an independent, structured way of working and a high degree of reliability.
- You also bring initiative, strong communication, and teamwork skills.
- The position requires a good command of the English language.
Contract duration: 2 years
Application up to: January 15, 2023
Closing date for applications:
Contact: Prof. Jörn Müller-Quade (joern.mueller-quade@kit.edu), Dr. Willi Geiselmann (willi.geiselmann@kit.edu)
More information: https://www.pse.kit.edu/english/karriere/joboffer.php?id=91701&new=true
Flensburg University of Applied Sciences
Job Posting- Internet and computer security
- distributed and decentralized security (e.g. cloud, blockchain)
- cryptography
Interested candidates will kindly include their full CV and transcripts in their applications and send to personal.bewerbungen@hs-flensburg.de. You may also contact Prof. Dr. Sebastian Gajek for details.
Deadline for applications is January 7th, 2023.
We encourage early applications and review of applications will begin immediately. Only shortlisted applications will be notified.
Closing date for applications:
Contact: Sebastian Gajek (sebastian.gajek@hs-flensburg.de)
More information: https://hs-flensburg.de/hochschule/stellenangebote/2022/11/w2-professur-fuer-it-sicherheit-und-internettechnologien-mwd
SnT, University of Luxembourg
Job Posting- applied or symmetric cryptography
- cryptofinance, cryptoeconomics, blockchains
- anonymity and privacy on the Internet
- Conduct, publish and present research results at conferences
- Provide guidance to the two Ph.D. students of the project
- Attract funding in cooperation with academic and industrial partners
- A Ph.D. degree in Computer Science, Applied Mathematics or a related field
- Competitive research record in applied cryptography or information security (at least one paper in top 10 IT security/crypto conferences)
- Strong mathematical and algorithmic CS background, economics/finance - a plus
- Good skills in programming and scripting languages
- Fluent written/verbal communication skills in English
Application Applications, written in English, should be submitted online and should include:
- A brief cover letter explaining the candidate's motivation and research interests
- Curriculum Vitae (including photo, education/research/work, publications, interests, contributions to open-source projects, participation in research competitions, olympiads, CTFs, etc.)
- Contact information of 3 referees
Closing date for applications:
Contact: Prof. Alex Biryukov (e-mail: first name dot family name (at) uni.lu)
More information: https://www.cryptolux.org/index.php/Vacancies
Queen's University Belfast
Job PostingThe successful candidate must have, and your application should clearly demonstrate you have:
Duration: This is a fixed term contact for 30 months, or available until 30/09/2025, whichever is sooner. Fixed term contract posts are available for the stated period in the first instance but in particular circumstances may be renewed or made permanent subject to availability of funding.
Application Deadline: 9 Jan 2023
Application details: https://www.jobs.ac.uk/job/CVV449/research-fellow-in-hardware-security
Closing date for applications:
Contact: Dr. Chongyan Gu (c.gu@qub.ac.uk)
More information: https://www.jobs.ac.uk/job/CVV449/research-fellow-in-hardware-security
University of Central Florida
Job PostingClosing date for applications:
Contact: Questions regarding this search may be directed to Dr. Yan Solihin (yan.solihin@ucf.edu) or Dr. Paul Gazzillo (paul.gazzillo@ucf.edu).
Helsinki Institute for Information Technology, Helsinki, Finland
Job PostingThe Helsinki Institute for Information Technology (HIIT) invites applications for Postdoctoral Fellows and Research Fellows. HIIT offers a HIIT Postdoctoral Fellow position up to three years. For more senior candidates, HIIT offers a HIIT Research Fellow position up to five years. The length of the contract as well as the starting and ending dates are negotiable.
All excellent researchers in any area of ICT can be considered, but priority is given to candidates who support one (or more) of the HIIT strategic focus areas:
- Artificial Intelligence
- Computational Health
- Cybersecurity
- Data Science
- Foundations of Computing
The deadline for applications is January 8th, 2023 at 11:59 PM (23:59 UTC+02:00). By applying to this call, organized by Helsinki Institute for Information Technology HIIT, you use one application to apply to positions for both of our hosting institutions, Aalto University and the University of Helsinki. Aalto University and the University of Helsinki are the two leading universities in Finland in computer science and information technology. Both are located in the Helsinki Metropolitan area, and the employing university will be determined by the supervising professor. Aalto University and the University of Helsinki are both committed to fostering an inclusive environment with people from diverse backgrounds, and researchers from underrepresented groups are particularly encouraged to apply.
Closing date for applications:
Contact:
For any question regarding the electronic application system, please contact Maaria Ilanko (firstname.lastname@aalto.fi)
For questions regarding these positions, please contact the HIIT coordinator at coordinator@hiit.fi
More information: https://www.hiit.fi/hiit-postdoctoral-and-research-fellow-positions/
Fortanix
Job PostingFortanix is hiring a Sr. Software Engineer, Cryptography. Join a passionate team that will highly appreciate your contributions.
You will- Implement and maintain production-ready cryptography code in Rust and C/C++, including post-quantum algorithms and secure cryptography APIs.
- Analyze state-of-the-art attacks and implement side-channel mitigations.
- Participate in peer code review, educate.
- Help deploy, monitor, and tune the performance of our software.
- Analyze existing internal and partner security designs.
Requirements: A Master's degree or PhD in Cryptography or a related field, or equivalent training or work experience. Uncompromising integrity, outstanding attention to detail, programming experience.
We can offer: competitive salary, relocation support, 25 holidays and travel expense remuneration.
Closing date for applications:
Contact: francisco.vialprado@fortanix.com
University of Amsterdam
Job PostingWhat are you going to do?
- Carry out original research in the field of implementation and applications of privacy preserving technologies for data analytics in healthcare
- Be active in the fundamental and/or applied research area, publishing in high level international journals and presenting at leading conferences
- Take part in ongoing educational activities, such as assisting in a course and guiding student thesis projects, at the BSc or MSc level
- Collaborate with other groups, institutes and/or companies by contributing expertise to joint research projects
- Contribute to activities and deliverables of the SECURED Horizon Europe Project
- An MSc degree in Computer Science, Computer Engineering, or Electrical Engineering (or a related discipline)
- Strong analytical and technical skills; Good problem-solving skills
- An interdisciplinary mindset and an open and proactive personality in interacting with researchers from different disciplines
- A strong scientific interest in security and privacy, in particular in at least one of the following two fields:
- efficient implementation of cryptographic and privacy preserving primitives, both in hardware and in software
- application, orchestration, and improvement of privacy-preserving techniques to achieve given data protection objectives
- The willingness to work in a highly international research team;
- Fluency in oral and written English and good presentation skills
- Ability to assess practical implementation of privacy preserving techniques
https://vacatures.uva.nl/UvA/job/Two-PhD-Positions-on-Efficient-Privacy-preserving-Techniques-for-Data-Analysis-and-Machine/760571702/
Closing date for applications:
Contact: Francesco Regazzoni
More information: https://tinyurl.com/4s4kzwn6
Chen-Da Liu-Zhang, Christian Matt, Søren Eller Thomsen
ePrint ReportMichael Walter
ePrint ReportIn this short note, we show that the claims made in the two aforementioned works with regards to the leakage through the timing side channel are false. We demonstrate that the active attack, a standard attack against IND-CPA secure LWE-based encryption, can be mounted just as efficiently without the "side channel information".
13 December 2022
Giulia Scaffino, Lukas Aumayr, Zeta Avarikioti, Matteo Maffei
ePrint ReportWe introduce Glimpse, a novel on-demand cross-chain synchronization primitive, which is both efficient in terms of on-chain costs and computational overhead, and expressive in terms of applications it supports. The key idea of Glimpse is to synchronize transactions on-demand, i.e., only those relevant to realize the cross-chain application of interest. We present a concrete instantiation which is compatible with blockchains featuring a limited scripting language (e.g., Bitcoin-based chains like Liquid), and, yet, can be used as a building block for the design of DeFi applications such as lending, pegs, wrapping/unwrapping of tokens, Proof-of-Burn, and verification of multiple oracle attestations. We formally define and prove Glimpse security in the Universal Composability (UC) framework and conduct an economical security analysis to identify the secure parameter space in the rational setting. Finally, we evaluate the cost of Glimpse for Bitcoin-like chains, showing that verifying a simple transaction has at most 700 bytes of on-chain overhead, resulting in a one-time fee of 3$, only twice as much as a basic Bitcoin transaction.