International Association
for Cryptologic Research

The Applied Cryptography Group at Technical University of Darmstadt offers a fully funded Ph.D. position as part of the ERC project CRYPTOLAYER. The goal of this project is to develop cryptographic tools to improve the privacy, scalability and security of next-generation blockchain protocols. Topics of interest include (but are not limited to) threshold cryptography, second-layer protocols, cryptographic wallets, multiparty computation, zero-knowledge and more. You will conduct research and publish/present the results at top venues for research in cryptography and IT Security. The position is to be filled as soon as possible for initially 3 years with the possibility of an extension.

Your profile:

• Completed Master's degree (or equivalent) with excellent grades in computer science, mathematics, or a similar area.
• Strong mathematical and/or algorithmic/theoretical CS background
• Good knowledge in one of the topics mentioned above is a plus.
• Fluent in English

Your application should contain a CV, record of grades, a short motivation letter and at least one contact for a reference letter.

TU Darmstadt is a top research university for IT Security, Cryptography, and Computer Science in Europe. We offer an excellent working environment in the heart of the Frankfurt Metropolitan Area, which is internationally well-known for its high quality of life. The review of applications starts immediately until the position is filled.

Closing date for applications:

Contact: Sebastian Faust (office.cac@cysec.de)

Applications are invited for a 1-year Research Fellow (with the possibility of extension) in Applied Cryptography, to work full-time on an EPSRC-funded project “AP4L: Adaptive PETs to Protect & emPower People during Life Transitions”. The successful post holder is expected to start on 1 Mar 2023 or as soon as possible thereafter and will be based in the Department of Computer Science and its highly regarded Surrey Centre for Cyber Security (SCCS), working with Dr. Cătălin Drăgan, Prof. Nishanth Sastry, Prof. Steve Schneider and Prof. Helen Treharne.

Application Details (including the application link) https://jobs.surrey.ac.uk/Vacancy.aspx?id=12909

Closing date for applications:

Contact: Dr. Cătalin Drăgan (c.dragan@surrey.ac.uk), or Prof. Nishanth Sastry (n.sastry@surrey.ac.uk), Prof. Steve Schneider (s.schneider@surrey.ac.uk).

More information: https://jobs.surrey.ac.uk/Vacancy.aspx?id=12909

Algemetric is a tech startup committed to delivering efficient, user-friendly, secure, and privacy-preserving solutions for organizations interested in extracting the most value from their data in all stages of the data lifecycle.

We have a customer-centric approach to privacy-preserving solutions with deployed applications in the real world. We are currently expanding our operations worldwide.

We are looking for a cryptography researcher with a track record of research and publications in cryptography in any area, preferably related to privacy-enhancing technologies. As a cryptography researcher, you will work directly with a team of mathematicians, research engineers, and computer scientists, engage with cryptography and industry experts, and work with exciting real-world applications in a straightforward expansion process.

Requirements:

• Track record of publications in cryptography.
• Ph.D. degree in cryptography, mathematics, computer science, or related degrees.
• 2-3 years of experience post-PhD (either in the industry or academia).
• Status/Visa that allows immediate employment in the US.

Preferable:

• Hands-on experience with multiparty computation and homomorphic encryption.
• Experience leading and/or willingness to lead other researchers.

This is an in-person role for our office in Colorado Springs, Colorado, United States.

What we offer:

• Competitive salary compatible with experience.
• Benefits include health, dental, vision, life, short/long-term disability insurance, workmen’s compensation insurance, participation in our Premium Only plan, and 401(k).
• Annual performance review.
• Relocation support.

Closing date for applications:

Contact: If you are interested, please email jobs@algemetric.com with a cover letter and your resume.

More information: https://www.algemetric.com/

Several fully-funded PhD student openings for Fall 2023 are available in cryptography, computer security, privacy, and blockchain-based systems at the University of Connecticut (UConn), Computer Science and Engineering department, led by Prof. Ghada Almashaqbeh.

The positions provide a great opportunity for students with interest in interdisciplinary projects that combine knowledge from various fields towards the design of secure systems and protocols. We target real-world and timely problems and aim to develop secure and practical solutions backed by rigorous foundations and efficient implementations/thorough performance testing. We are also interested in conceptual projects that contribute in bridging the gap between theory and practice of Cryptography.

For more information about our current and previous projects please check https://ghadaalmashaqbeh.github.io/research/. For interested students, please send your CV to ghada@uconn.edu and provide any relevant information about your research interests, and relevant skills and background.

Closing date for applications:

Contact: Ghada Almashaqbeh

More information: https://ghadaalmashaqbeh.github.io/

The Cybersecurity (CYS) group at the Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS) invites applications for full-time doctoral candidates in the area of applied cryptography. Our group conducts research in a range of cybersecurity topics, including, secure data sharing and intelligence, secure data analytics, applied cryptography, and privacy-enhancing technologies. We aim to publish our results at top conferences and journals, transfer our scientific know-how and technologies to students and our public and private partners in the field of cybersecurity, and have an impact on society and the research community. This position aims to develop practical and secure solutions for sharing medical data in a decentralized setting and perform secure and privacy-preserving statistical analysis. Successful candidates will have the opportunity to work closely with world-class researchers at TU Delft, other renowned universities and industrial partners in Europe from Germany, Italy and Greece. The position is supported by the Horizon Europe project SEPTON. The project will establish stronger cross-sector data sharing, in a citizen-centric, secure and trustworthy manner, by developing innovative and environment-friendly solutions.

Closing date for applications:

Contact: Dr. Zeki Erkin

More information: https://www.linkedin.com/jobs/view/3402215114

Event date: 19 June to 22 June 2023
Submission deadline: 20 March 2023
Notification: 19 April 2023

The University of York is recruiting a Post-Doctoral Research Associate to work on the Protecting Minority Ethnic Communities Online (PRIME) project for 2 years starting April 2023.

We are seeking candidates with expertise and experience in one or more areas of cyber security and privacy research, preferably in designing and implementing privacy-enhancing technologies and applied cryptography. Other desirable areas of expertise include threat modelling, web and mobile security, usable security & privacy, and formal methods for security.

PRIME is part of the UK's National Research Centre on Privacy, Harm Reduction and Adversarial Influence Online (REPHRAIN).

For the full job description please refer to the following vacancy page: https://jobs.york.ac.uk/vacancy/research-associate-506049.html

Closing date for applications:

Contact: For informal enquiries please contact Dr. Siamak F. Shahandashti at siamak.shahandashti@york.ac.uk.

More information: https://jobs.york.ac.uk/vacancy/research-associate-506049.html

Cryspen is looking for a software verification engineer to build high-assurance cryptographic software. We are looking for an engineer with knowledge of formal verification to drive the development of high-assurance cryptographic software at Cryspen. The role will encompass maintaining and improving the HACL* verified cryptographic library and its APIs, as well as leading the development of new cryptographic products and protocols within Cryspen. Typical candidates include those who have experience in formal proof systems like F* or Coq, have 2-3 years of experience developing software in the industry or open source projects, and feel passionate about replacing insecure code with formally verified software.

Closing date for applications:

Contact: Franziskus Kiefer

More information: https://join.com/companies/cryspen/6605587-software-verification-engineer?widgetv2=true&pid=d73d1a20e99ab4ced633

Cryspen is looking for a cryptography researcher and engineer to build and prove high-assurance cryptographic software. You will work with and on tools such as hacspec, F*, and easycrypt to describe cryptographic systems and prove their security properties. The work will be part of a larger project to design a data custodian system with modern cryptography such as multi-party computation. You will be involved in all phases of the project, from analyzing the use cases, over defining the functionality and security properties of the system, to specifying and proving its security. Writing and reasoning about cryptography is a delicate task that requires attention to detail and the utmost care. As an ideal candidate, you are therefore able to handle highly sensitive and highly detailed tasks. If you have experience with open-source projects, that’s great but not necessary. We expect that you understand the basics of all involved technologies and concepts. However, we especially invite you to apply if you are an early career professional.

Closing date for applications:

Contact: Franziskus Kiefer

More information: https://join.com/companies/cryspen/6604973-r-and-d-cryptography-engineer?widgetv2=true&pid=d73d1a20e99ab4ced633

Event date: 19 June to 22 June 2023
Submission deadline: 20 March 2023
Notification: 19 April 2023

Event date: 21 August to 23 August 2023
Submission deadline: 24 April 2023
Notification: 9 June 2023

Event date: 23 March to 24 March 2023

Event date: 5 May 2023
Submission deadline: 17 February 2023
Notification: 10 March 2023

The sampling of polynomials with fixed weight is a procedure required by all remaining round-4 Key Encapsulation Mechanisms (KEMs) for Post-Quantum Cryptography (PQC) standardization (BIKE, HQC, McEliece) as well as NTRU, Streamlined NTRU Prime, and NTRU LPRrime. Recent attacks have shown that side-channel leakage of sampling methods can be practically exploited for key recoveries. While countermeasures regarding such timing attacks have already been presented, still, there is no comprehensive work covering solutions that are also secure against power side-channels. Aiming to close this important gap, the contribution of our work is threefold: First, we analyze requirements for the different use cases of fixed weight sampling. Second, we demonstrate how all known sampling methods can be implemented securely against timing and power/EM side-channels and propose performance enhancing modifications. Furthermore, we propose a new, comparison-based methodology that outperforms existing methods in the masked setting for the three round-4 KEMs BIKE, HQC, and McEliece. Third, we present bitsliced and arbitrary-order masked software implementations and benchmarked them for all relevant cryptographic schemes to be able to infer recommendations for each use case. Additionally, we provide a hardware implementation of our new method as a case study, and analyze the feasibility of implementing the other approaches in hardware.

Blind signature schemes are the essential element of many complex information systems such as e-cash and e-voting systems. They should provide two security properties: unforgeability and blindness. The former one is standard for all signature schemes and ensures that a valid signature can be generated only during the interaction with the secret signing key holder. The latter one is more specific for this class of signature schemes and means that there is no way to link a (message, signature) pair to the certain execution of the signing protocol. In the current paper we discuss the blindness property and various security notions formalizing this property. We analyze several ElGamal-type blind signature schemes regarding blindness. We present effective attacks violating blindness on three schemes. All the presented attacks may be performed by any external observer and do not require signing key knowledge. One of the schemes conceivably became broken due to an incorrect understanding of blindness property.

At Eurocrypt 2015, Duc et al. conjectured that the success rate of a side-channel attack targeting an intermediate computation encoded in a linear secret-sharing, a.k.a masking with \(d+1\) shares, could be inferred by measuring the mutual information between the leakage and each share separately. This way, security bounds can be derived without having to mount the complete attack. So far, the best proven bounds for masked encodings were nearly tight with the conjecture, up to a constant factor overhead equal to the field size, which may still give loose security guarantees compared to actual attacks. In this paper, we improve upon the state-of-the-art bounds by removing the field size loss, in the cases of Boolean masking and arithmetic masking modulo a power of two. As an example, when masking in the AES field, our new bound outperforms the former ones by a factor \(256\). Moreover, we provide theoretical hints that similar results could hold for masking in other fields as well.

Despite considerable achievements of deep learning-based side-channel analysis, overfitting represents a significant obstacle in finding optimized neural network models. This issue is not unique to the side-channel domain. Regularization techniques are popular solutions to overfitting and have long been used in various domains. At the same time, the works in the side-channel domain show sporadic utilization of regularization techniques. What is more, no systematic study investigates these techniques' effectiveness. In this paper, we aim to investigate the regularization effectiveness by applying four powerful and easy-to-use regularization techniques to six combinations of datasets, leakage models, and deep-learning topologies. The investigated techniques are $L_1$, $L_2$, dropout, and early stopping. Our results show that while all these techniques can improve performance in many cases, $L_1$ and $L_2$ are the most effective. Finally, if training time matters, early stopping is the best technique to choose.

We develop an efficient algorithm to detect whether a superspecial genus 2 Jacobian is optimally $(N, N)$-split for each integer $N \leq 11$. Incorporating this algorithm into the best-known attack against the superspecial isogeny problem in dimension 2 gives rise to significant cryptanalytic improvements. Our implementation shows that when the underlying prime $p$ is 100 bits, the attack is sped up by a factor $25{\tt x}$; when the underlying prime is 200 bits, the attack is sped up by a factor $42{\tt x}$; and, when the underlying prime is 1000 bits, the attack is sped up by a factor $160{\tt x}$.

Payment Channel Hub (PCH) is a promising solution to the scalability issue of first-generation blockchains or cryptocurrencies such as Bitcoin. It supports off-chain payments between a sender and a receiver through an intermediary (called the tumbler). Relationship anonymity and value privacy are desirable features of privacy-preserving PCHs, which prevent the tumbler from identifying the sender and receiver pairs as well as the payment amounts. To our knowledge, all existing Bitcoin-compatible PCH constructions that guarantee relationship anonymity allow only a (predefined) fixed payment amount. Thus, to achieve payments with different amounts, they would require either multiple PCH systems or running one PCH system multiple times. Neither of these solutions would be deemed practical.

In this paper, we propose the first Bitcoin-compatible PCH that achieves relationship anonymity and supports variable amounts for payment. To achieve this, we have several layers of technical constructions, each of which could be of independent interest to the community. First, we propose $\textit{BlindChannel}$, a novel bi-directional payment channel protocol for privacy-preserving payments, where {one of the channel parties} is unable to see the channel balances. Then, we further propose $\textit{BlindHub}$, a three-party (sender, tumbler, receiver) protocol for private conditional payments, where the tumbler pays to the receiver only if the sender pays to the tumbler. The appealing additional feature of BlindHub is that the tumbler cannot link the sender and the receiver while supporting a variable payment amount. To construct BlindHub, we also introduce two new cryptographic primitives as building blocks, namely $\textit{Blind Adaptor Signature}$(BAS), and $\textit{Flexible Blind Conditional Signature}$. BAS is an adaptor signature protocol built on top of a blind signature scheme. Flexible Blind Conditional Signature is a new cryptographic notion enabling us to provide an atomic and privacy-preserving PCH. Lastly, we instantiate both BlindChannel and BlindHub protocols and present implementation results to show their practicality.

Cryptanalysts have been looking for differential characteristics in ciphers for decades and it remains unclear how the subkey values and more generally the Markov assumption impacts exactly their probability estimation. There were theoretical efforts considering some simple linear relationships between differential characteristics and subkey values, but the community has not yet explored many possible nonlinear dependencies one can find in differential characteristics. Meanwhile, the overwhelming majority of cryptanalysis works still assume complete independence between the cipher rounds. We give here a practical framework and a corresponding tool to investigate all such linear or nonlinear effects and we show that they can have an important impact on the security analysis of many ciphers. Surprisingly, this invalidates many differential characteristics that appeared in the literature in the past years: we have checked differential characteristics from 8 articles (4 each for both SKINNY and GIFT) and most of these published paths are impossible or working only for a very small proportion of the key space. We applied our method to SKINNY and GIFT, but we expect more impossibilities for other ciphers. To showcase our advances in the dependencies analysis, in the case of SKINNY we are able to obtain a more accurate probability distribution of a differential characteristic with respect to the keys (with practical verification when it is computationally feasible). Our work indicates that newly proposed differential characteristics should now come with an analysis of how the key values and the Markov assumption might or might not affect/invalidate them. In this direction, more constructively, we include a proof of concept of how one can incorporate additional constraints into Constraint Programming so that the search for differential characteristics can avoid (to a large extent) differential characteristics that are actually impossible due to dependency issues our tool detected.