International Association for Cryptologic Research


IACR News


25 December 2022

Thomas Debris-Alazard, Nicolas Resch
ePrint Report
In this work, we consider the worst and average case hardness of the decoding problems that are the basis for code-based cryptography. By a decoding problem, we consider inputs of the form $(\mathbf{G}, \mathbf{m} \mathbf{G} + \mathbf{t})$ for a matrix $\mathbf{G}$ that generates a code and a noise vector $\mathbf{t}$, and the algorithm's goal is to recover $\mathbf{m}$. We consider a natural strategy for creating a reduction to an average-case problem: from our input we simulate a Learning Parity with Noise (LPN) oracle, where we recall that LPN is essentially an average-case decoding problem where there is no a priori lower bound on the rate of the code. More formally, the oracle $\mathcal{O}_{\mathbf{x}}$ outputs independent samples of the form $\langle \mathbf{x}, \mathbf{a} \rangle + e$, where $\mathbf{a}$ is a uniformly random vector and $e$ is a noise bit. Such an approach is (implicit in) the previous worst-case to average-case reductions for coding problems (Brakerski et al., Eurocrypt 2019; Yu and Zhang, CRYPTO 2021). To analyze the effectiveness of this reduction, we use a smoothing bound derived recently by Debris-Alazard et al. (IACR ePrint 2022), which quantifies the simulation error of this reduction. It is worth noting that this latter work crucially uses a bound, known as the second linear programming bound, on the weight distribution of the code generated here by $\mathbf{G}$. Our approach, which is Fourier analytic in nature, applies to any smoothing distribution (so long as it is radial); for our purposes, the best choice appears to be Bernoulli (although for the analysis it is most effective to study the uniform distribution over a sphere, and subsequently translate the bound back to the Bernoulli distribution by applying a truncation trick). Our approach works naturally when reducing from a worst-case instance, as well as from an average-case instance.
While we are unable to improve the parameters of the worst-case to average-case reductions of Brakerski et al or Yu and Zhang, we think that our work highlights two important points. Firstly, in analyzing the average-case to average-case reduction we run into inherent limitations of this reduction template. Essentially, it appears hopeless to reduce to an LPN instance for which the noise rate is more than inverse-polynomially biased away from uniform. We furthermore uncover a surprising weakness in the second linear programming bound: we observe that it is essentially useless for the regime of parameters where the rate of the code is inverse polynomial in the block-length. By highlighting these shortcomings, we hope to stimulate the development of new techniques for reductions between cryptographic decoding problems.
Dario Fiore, Lydia Garms, Dimitris Kolonelos, Claudio Soriente, Ida Tucker
ePrint Report
Anonymous authentication primitives, e.g., group or ring signatures, allow one to realize privacy-preserving data collection applications, as they strike a balance between authenticity of data being collected and privacy of data providers. At PKC 2021, Diaz and Lehmann defined group signatures with User-Controlled Linkability (UCL) and provided an instantiation based on BBS+ signatures. In a nutshell, a signer of a UCL group signature scheme can link any of her signatures: linking evidence can be produced at signature time, or after signatures have been output, by providing an explicit linking proof. In this paper, we introduce Ring Signatures with User-Controlled Linkability (RS-UCL). Compared to group signatures with user-controlled linkability, RS-UCL require no group manager and can be instantiated in a completely decentralized manner. We also introduce a variation, User Controlled and Autonomous Linkability (RS-UCAL), which gives the user full control of the linkability of their signatures. We provide a formal model for both RS-UCL and RS-UCAL and introduce a compiler that can upgrade any ring signature scheme to RS-UCAL. The compiler leverages a new primitive we call Anonymous Key Randomizable Signatures (AKRS) — a signature scheme where the verification key can be randomized — that can be of independent interest. We also provide different instantiations of AKRS based on Schnorr signatures and on lattices. Finally, we show that an AKRS scheme can additionally be used to construct an RS-UCL scheme.
Lih-Chung Wang, Po-En Tseng, Yen-Liang Kuan, Chun-Yen Chou
ePrint Report
In this paper, we propose a simple noncommutative-ring based UOV signature scheme with key-randomness alignment: Simple NOVA, which can be viewed as a simplified version of NOVA [48]. We simplify the design of NOVA by skipping the perturbation trick used in NOVA, thus shortening the key generation process and accelerating signing and verification. Together with a small corresponding modification, this alternative version of NOVA is also secure and may be more suitable for practical use. We also use Magma to actually implement it and give a detailed security analysis against known major attacks.
Bhuvnesh Chaturvedi, Anirban Chakraborty, Ayantika Chatterjee, Debdeep Mukhopadhyay
ePrint Report
Fully Homomorphic Encryption (FHE) allows computations on encrypted data without the need for decryption. Therefore, in the world of cloud computing, FHE provides an essential means for users to garner different computational services from potentially untrusted servers while keeping sensitive data private. In such a context, the security and privacy guarantees of well-known FHE schemes become paramount. In a research article, we (Chaturvedi et al., ePrint 2022/1563) have shown that popular FHE schemes like TFHE and FHEW are vulnerable to CVO (Ciphertext Verification Oracle) attacks, which belong to the family of “reaction attacks” [6]. We show, for the first time, that feedback from the client (user) can be craftily used by the server to extract the error (noise) associated with each computed ciphertext. Once the errors for some m ciphertexts (m > n, where n = key size) are retrieved, the original secret key can be trivially leaked using the standard Gaussian Elimination method. The results in the paper (Chaturvedi et al., ePrint 2022/1563) show that FHE schemes should be subjected to further security evaluations, specifically in the context of system-wide implementation, such that CVO-based attacks can be eliminated. Quite recently, Michael Walter published a document (ePrint 2022/1722), claiming that the timing channels we used in our work (Chaturvedi et al., ePrint 2022/1563) “are false”. In this document, we debunk this claim and explain how we use the timing channel to improve the CVO attack. We explain that the CVO-based attack technique we proposed in the paper (Chaturvedi et al., ePrint 2022/1563) is a result of careful selection of perturbation values and the first work in the literature that showed reaction-based attacks are possible in the context of present FHE schemes in a realistic cloud setting.
We further argue that, for an attacker, any additional information that can aid a particular attack shall be considered leakage and must be dealt with due importance to stymie the attack.

23 December 2022

University of Surrey, UK
Job Posting
The Department of Computer Science at the University of Surrey is seeking to recruit a full-time researcher for the Surrey Centre for Cyber Security. The successful candidate will work on privacy-enhancing techniques with a particular focus on designing a privacy algebra for personal data. The project will involve formalising privacy notions and defining new privacy measures for heterogeneous data, leading to the development of novel techniques and a suite of usable tools to quantify and enhance privacy. The Department of Computer Science within the Faculty of Engineering and Physical Sciences has an international reputation for research and teaching. Security research in the department is focused within the Surrey Centre for Cyber Security, with Surrey recognised by the National Cyber Security Centre as an Academic Centre of Excellence in Cyber Security Research. Our research concentrates on data privacy, access control, privacy-preserving systems, applied cryptography, and a range of cyber security topics. The position offers the platform for the research fellow to work within a group and develop the skills to become an independent researcher. The successful candidate will work under the direction of Dr Rizwan Asghar. We are looking for applicants who demonstrate strong research and analytical skills, have strong communication skills, and show enthusiasm for developing their own research ideas. Applicants must have a PhD in a relevant subject. This fixed-term contract post is available for up to 24 months.

Closing date for applications:

Contact: Rizwan Asghar

More information: https://jobs.surrey.ac.uk/Vacancy.aspx?id=12976&forced=1

Worldline, Courbevoie - La Défense, France
Job Posting
Worldline is the European leader in digital payments and number four worldwide. You would be working closely with the Worldline Labs Trust & Intelligence. You will contribute to the internal R&D effort of the company, notably in terms of the design and implementation of cryptographic libraries targeting a framework for the design and implementation of white-box cryptography components.

Closing date for applications:

Contact: Kalpana Singh

More information: https://jobs.worldline.com/Worldline/job/Courbevoie-La-D%C3%A9fense-92-Stage-White-Box-Implementations-Attacks-and-Secure-Designs-Ile/760601602/

TU Darmstadt
Job Posting
The Applied Cryptography Group at Technical University of Darmstadt offers a fully funded Ph.D. position as part of the ERC project CRYPTOLAYER. The goal of this project is to develop cryptographic tools to improve the privacy, scalability and security of next-generation blockchain protocols. Topics of interest include (but are not limited to) threshold cryptography, second-layer protocols, cryptographic wallets, multiparty computation, zero-knowledge and more. You will conduct research and publish/present the results at top venues for research in cryptography and IT Security. The position is to be filled as soon as possible for initially 3 years with the possibility of an extension.

Your profile:
  • Completed Master's degree (or equivalent) with excellent grades in computer science, mathematics, or a similar area.
  • Strong mathematical and/or algorithmic/theoretical CS background
  • Good knowledge in one of the topics mentioned above is a plus.
  • Fluent in English
Your application should contain a CV, record of grades, a short motivation letter and at least one contact for a reference letter.

TU Darmstadt is a top research university for IT Security, Cryptography, and Computer Science in Europe. We offer an excellent working environment in the heart of the Frankfurt Metropolitan Area, which is internationally well-known for its high quality of life. The review of applications starts immediately until the position is filled.

Closing date for applications:

Contact: Sebastian Faust (office.cac@cysec.de)

University of Surrey, UK
Job Posting

Applications are invited for a 1-year Research Fellow (with the possibility of extension) in Applied Cryptography, to work full-time on an EPSRC-funded project “AP4L: Adaptive PETs to Protect & emPower People during Life Transitions”. The successful post holder is expected to start on 1 Mar 2023 or as soon as possible thereafter and will be based in the Department of Computer Science and its highly regarded Surrey Centre for Cyber Security (SCCS), working with Dr. Cătălin Drăgan, Prof. Nishanth Sastry, Prof. Steve Schneider and Prof. Helen Treharne.

Application Details (including the application link) https://jobs.surrey.ac.uk/Vacancy.aspx?id=12909

Closing date for applications:

Contact: Dr. Cătălin Drăgan (c.dragan@surrey.ac.uk), Prof. Nishanth Sastry (n.sastry@surrey.ac.uk), or Prof. Steve Schneider (s.schneider@surrey.ac.uk).

More information: https://jobs.surrey.ac.uk/Vacancy.aspx?id=12909

Algemetric, Colorado Springs, Colorado, USA
Job Posting

Algemetric is a tech startup committed to delivering efficient, user-friendly, secure, and privacy-preserving solutions for organizations interested in extracting the most value from their data in all stages of the data lifecycle.

We have a customer-centric approach to privacy-preserving solutions with deployed applications in the real world. We are currently expanding our operations worldwide.

We are looking for a cryptography researcher with a track record of research and publications in cryptography in any area, preferably related to privacy-enhancing technologies. As a cryptography researcher, you will work directly with a team of mathematicians, research engineers, and computer scientists, engage with cryptography and industry experts, and work with exciting real-world applications in a straightforward expansion process.

Requirements:

  • Track record of publications in cryptography.
  • Ph.D. degree in cryptography, mathematics, computer science, or related degrees.
  • 2-3 years of experience post-PhD (either in the industry or academia).
  • Status/Visa that allows immediate employment in the US.

Preferable:

  • Hands-on experience with multiparty computation and homomorphic encryption.
  • Experience leading and/or willingness to lead other researchers.

This is an in-person role for our office in Colorado Springs, Colorado, United States.

What we offer:

  • Competitive salary compatible with experience.
  • Benefits include health, dental, vision, life, short/long-term disability insurance, workmen’s compensation insurance, participation in our Premium Only plan, and 401(k).
  • Annual performance review.
  • Relocation support.

Closing date for applications:

Contact: If you are interested, please email jobs@algemetric.com with a cover letter and your resume.

More information: https://www.algemetric.com/

University of Connecticut, Computer Science and Engineering Dept.
Job Posting
Several fully-funded PhD student openings for Fall 2023 are available in cryptography, computer security, privacy, and blockchain-based systems at the University of Connecticut (UConn), Computer Science and Engineering department, led by Prof. Ghada Almashaqbeh.

The positions provide a great opportunity for students with an interest in interdisciplinary projects that combine knowledge from various fields towards the design of secure systems and protocols. We target real-world and timely problems and aim to develop secure and practical solutions backed by rigorous foundations and efficient implementations with thorough performance testing. We are also interested in conceptual projects that contribute to bridging the gap between the theory and practice of cryptography.

For more information about our current and previous projects please check https://ghadaalmashaqbeh.github.io/research/. For interested students, please send your CV to ghada@uconn.edu and provide any relevant information about your research interests, and relevant skills and background.

Closing date for applications:

Contact: Ghada Almashaqbeh

More information: https://ghadaalmashaqbeh.github.io/

Delft University of Technology
Job Posting
The Cybersecurity (CYS) group at the Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS) invites applications for full-time doctoral candidates in the area of applied cryptography. Our group conducts research in a range of cybersecurity topics, including secure data sharing and intelligence, secure data analytics, applied cryptography, and privacy-enhancing technologies. We aim to publish our results at top conferences and journals, transfer our scientific know-how and technologies to students and our public and private partners in the field of cybersecurity, and have an impact on society and the research community. This position aims to develop practical and secure solutions for sharing medical data in a decentralized setting and to perform secure and privacy-preserving statistical analysis. Successful candidates will have the opportunity to work closely with world-class researchers at TU Delft, other renowned universities and industrial partners in Europe from Germany, Italy and Greece. The position is supported by the Horizon Europe project SEPTON. The project will establish stronger cross-sector data sharing, in a citizen-centric, secure and trustworthy manner, by developing innovative and environment-friendly solutions.

Closing date for applications:

Contact: Dr. Zeki Erkin

More information: https://www.linkedin.com/jobs/view/3402215114

Kyoto, Japan, 19 June - 22 June 2023
Event Calendar
Event date: 19 June to 22 June 2023
Submission deadline: 20 March 2023
Notification: 19 April 2023
University of York, UK
Job Posting

The University of York is recruiting a Post-Doctoral Research Associate to work on the Protecting Minority Ethnic Communities Online (PRIME) project for 2 years starting April 2023.

We are seeking candidates with expertise and experience in one or more areas of cyber security and privacy research, preferably in designing and implementing privacy-enhancing technologies and applied cryptography. Other desirable areas of expertise include threat modelling, web and mobile security, usable security & privacy, and formal methods for security.

PRIME is part of the UK's National Research Centre on Privacy, Harm Reduction and Adversarial Influence Online (REPHRAIN).

For the full job description please refer to the following vacancy page: https://jobs.york.ac.uk/vacancy/research-associate-506049.html

Closing date for applications:

Contact: For informal enquiries please contact Dr. Siamak F. Shahandashti at siamak.shahandashti@york.ac.uk.

More information: https://jobs.york.ac.uk/vacancy/research-associate-506049.html

Cryspen
Job Posting
Cryspen is looking for a software verification engineer to build high-assurance cryptographic software. We are looking for an engineer with knowledge of formal verification to drive the development of high-assurance cryptographic software at Cryspen. The role will encompass maintaining and improving the HACL* verified cryptographic library and its APIs, as well as leading the development of new cryptographic products and protocols within Cryspen. Typical candidates include those who have experience in formal proof systems like F* or Coq, have 2-3 years of experience developing software in the industry or open source projects, and feel passionate about replacing insecure code with formally verified software.

Closing date for applications:

Contact: Franziskus Kiefer

More information: https://join.com/companies/cryspen/6605587-software-verification-engineer?widgetv2=true&pid=d73d1a20e99ab4ced633

Cryspen
Job Posting
Cryspen is looking for a cryptography researcher and engineer to build and prove high-assurance cryptographic software. You will work with and on tools such as hacspec, F*, and EasyCrypt to describe cryptographic systems and prove their security properties. The work will be part of a larger project to design a data custodian system with modern cryptography such as multi-party computation. You will be involved in all phases of the project, from analyzing the use cases, through defining the functionality and security properties of the system, to specifying and proving its security. Writing and reasoning about cryptography is a delicate task that requires attention to detail and the utmost care. As an ideal candidate, you are therefore able to handle highly sensitive and highly detailed tasks. If you have experience with open-source projects, that’s great but not necessary. We expect that you understand the basics of all involved technologies and concepts. However, we especially invite you to apply if you are an early career professional.

Closing date for applications:

Contact: Franziskus Kiefer

More information: https://join.com/companies/cryspen/6604973-r-and-d-cryptography-engineer?widgetv2=true&pid=d73d1a20e99ab4ced633

Virtual event, Anywhere on Earth, 19 June - 22 June 2023
Event Calendar
Event date: 19 June to 22 June 2023
Submission deadline: 20 March 2023
Notification: 19 April 2023
Copenhagen, Denmark, 21 August - 23 August 2023
Event Calendar
Event date: 21 August to 23 August 2023
Submission deadline: 24 April 2023
Notification: 9 June 2023
Seoul, South Korea, 23 March - 24 March 2023
Event Calendar
Event date: 23 March to 24 March 2023
Bol, Croatia, 5 May 2023
Event Calendar
Event date: 5 May 2023
Submission deadline: 17 February 2023
Notification: 10 March 2023

19 December 2022

Markus Krausz, Georg Land, Jan Richter-Brockmann, Tim Güneysu
ePrint Report
The sampling of polynomials with fixed weight is a procedure required by all remaining round-4 Key Encapsulation Mechanisms (KEMs) for Post-Quantum Cryptography (PQC) standardization (BIKE, HQC, McEliece) as well as NTRU, Streamlined NTRU Prime, and NTRU LPRime. Recent attacks have shown that side-channel leakage of sampling methods can be practically exploited for key recovery. While countermeasures against such timing attacks have already been presented, there is still no comprehensive work covering solutions that are also secure against power side-channels. Aiming to close this important gap, the contribution of our work is threefold: First, we analyze requirements for the different use cases of fixed weight sampling. Second, we demonstrate how all known sampling methods can be implemented securely against timing and power/EM side-channels and propose performance-enhancing modifications. Furthermore, we propose a new, comparison-based methodology that outperforms existing methods in the masked setting for the three round-4 KEMs BIKE, HQC, and McEliece. Third, we present bitsliced and arbitrary-order masked software implementations and benchmark them for all relevant cryptographic schemes to be able to infer recommendations for each use case. Additionally, we provide a hardware implementation of our new method as a case study, and analyze the feasibility of implementing the other approaches in hardware.