International Association for Cryptologic Research

IACR News

18 March 2023

Nillion
Job Posting

If you enjoy solving challenging problems, having an impact on a fast-paced remotely managed team and like being surrounded by inspiring coworkers, then keep reading!

We bring to life fast, permissionless, decentralized computation. The Nillion team are looking for talented cryptographers to help build a new paradigm in decentralized computing with the aim of redefining network computation on private data.

As a Cryptographer at Nillion you will learn, design, and implement cryptographic protocols within the larger framework of distributed and decentralized systems. You will be responsible for turning groundbreaking research into commercially viable and reliable products by analyzing, proposing, and validating innovative software solutions within a decentralized computing environment.

Closing date for applications:

Contact: Roisin Kavanagh

More information: https://apply.workable.com/nillion/j/172D91EBF3/

RWTH Aachen University, Security and Privacy in Industrial Cooperation; Aachen, Germany
Job Posting

We offer the opportunity to pursue a PhD in the field of 5G/6G cybersecurity in an excellent academic and research environment. As common in Germany, you will be employed full-time (part-time available upon request) at the university with a gross salary of approx. 52k Euro for the first year.

Together with cooperation partners from industry and academia, you will research the cyber security of future industrial 5G/6G communication networks with regard to efficient end-to-end security in the area of critical infrastructures and/or the detection of attacks on 5G/6G networks in production as part of research projects funded by the German Federal Office for Information Security. You will have the opportunity to actively develop and work on your own research topic in this highly topical and internationally visible research area in order to lay the foundations for your PhD project.

The research activities in our group typically include not only the design of new security processes but also their implementation and evaluation. To this end, you will work closely with students in the context of final theses, international research internships, and the supervision of student and research assistants. As part of this job, you will be expected to work independently on challenging research projects in the field of cybersecurity for industrial 5G/6G communications. This activity includes, among other things, the preparation of scientific publications, the participation in (and organization of) project meetings, the transfer of project results in courses, and the presentation of project results at international conferences.

Closing date for applications:

Contact: Prof. Dr. Martin Henze, henze@cs.rwth-aachen.de

More information: https://www.rwth-aachen.de/go/id/kbag/file/V000004739/

University of Wollongong, Australia
Job Posting
The cryptography research group at the Institute of Cybersecurity and Cryptology (iC2), University of Wollongong (UOW), Australia, is recruiting a post-doc position in post-quantum cryptography. The research group at iC2, UOW is one of the largest research hubs in cryptography in Australia and the Asia-Pacific region. The group regularly publishes cutting-edge results at top conferences and journals on cryptography and cybersecurity. The position is for 2 years, with a competitive salary package. The candidate must hold a PhD degree in cryptography or a related area, and should have publications at top-tier venues in Cryptography, Theoretical Computer Science or Security. How to apply: Send your CV and your two best papers to Dr Khoa Nguyen (khoa@uow.edu.au). Deadline: 15 April 2023.

Closing date for applications:

Contact: Khoa Nguyen (https://sites.google.com/view/khoantt/, khoa@uow.edu.au)

ConsenSys
Job Posting
Our mission is to unlock the collaborative power of communities by making Web3 universally easy to use, access, and build on. Working with ConsenSys puts you at the forefront of an evolving paradigm, transforming our society for the better. We fundamentally believe blockchain is the next generation of technology that can lay the foundation for a more just and equitable society. Blockchain tech is just over 10 years old. Ethereum itself is still a toddler and we’re far from reaching our full potential. You’ll get to work on the tools, infrastructure, and apps that scale these platforms to billions of users.

What you’ll do: We seek a highly experienced Cryptography Researcher to join our team and work on cutting-edge projects related to zkEVM Prover. The ideal candidate will have a strong background in cryptography and experience in research and development, as well as a passion for exploring new technologies and finding innovative solutions.

Key Responsibilities:
  • Conduct research and development on a zkEVM Prover, its proof system and its implementation.
  • Develop new cryptographic techniques and algorithms to improve zkEVM Prover performance and functionality.
  • Collaborate with other researchers and engineers to share knowledge and advance the state of the art.
  • Write technical papers and present research findings at conferences and workshops.
  • Stay current with new technologies and industry trends related to zkEVM Prover and cryptography.

Qualifications:
  • Strong background in cryptography, with a focus on zero-knowledge proof systems.
  • Experience with research and development, including writing technical papers and presenting at conferences.
  • Strong problem-solving and analytical skills.
  • Excellent communication and teamwork abilities.

Closing date for applications:

Contact: Tazmin Jaffer

More information: https://consensys.net/open-roles/gh_jid?gh_jid=4879380

NEC Laboratories Europe
Job Posting

We are looking for a Research Associate to contribute, in the frame of an EU funded project, to the research and the development of solutions in the area of security and privacy, with a special focus on distributed systems and blockchain security.

Required Skills and Experience:

  • Strong experience in system security and distributed systems
  • Experience in blockchain technologies
  • Experience in software development with programming languages such as Python, Golang, Java, or C/C++
  • Excellent interpersonal and communication skills in English

Our work ranges from foundational research and IPR creation to prototype development for NEC products and services.

At NEC Laboratories Europe, we provide a collaborative, team-working environment that supports your career aspirations. Our working language is English. The position is initially limited to two years.

NEC Laboratories Europe is located in the beautiful city of Heidelberg, Germany. Home office schemes within the country may be offered. Heidelberg is an international and lively city with a large number of exciting cultural, entertainment, and outdoor activities.

To apply, please follow the link to the job description by clicking on the job title, or paste:

https://jobs.neclab.eu/jobs/openings/staff/NEC-NLE-2301-461-SEC-1-Research_Associate_%5b2301_461_SEC%5d.pdf

Application deadline: March 27, 2023

Closing date for applications:

Contact: Giorgia Marson (giorgia.marson@neclab.eu)

More information: https://jobs.neclab.eu/jobs/openings/staff/NEC-NLE-2301-461-SEC-1-Research_Associate_%5b2301_461_SEC%5d.pdf

Cryptology Group, CWI, Amsterdam, The Netherlands
Job Posting
Description: The Cryptology Group at CWI in Amsterdam invites applications for a 3-year postdoc position within the NWO NWA consortium project HAPKIDO. The successful candidate is expected to do cutting-edge research on the topic of post-quantum cryptography. The position has a flexible starting date and is available immediately.
Requirements: Candidates are required to hold a PhD in mathematics or computer science, with a specialization in cryptology, and they are expected to have a good knowledge of post-quantum cryptography and/or of quantum information science in general. Candidates must have a strong track record (ideally with publications at IACR conferences) and good academic writing and presentation skills. An additional plus is an interest in practical aspects of the migration to post-quantum secure schemes.
Application: Applications should include a detailed CV, a motivation letter, and at least three references, and they should be sent to the below email address. Applications will be reviewed until the position is filled.

Closing date for applications:

Contact: Serge Fehr (serge.fehr@cwi.nl)

Temasek Laboratories, National University of Singapore, Singapore
Job Posting

Description. Candidates will work in the area of post-quantum cryptography. Candidates will conduct research on the design and analysis of post-quantum cryptography. The work may require carrying out some simulations.

Requirements. Candidates are required to have a PhD degree in Mathematics or Computer Science. Experience in one or more of these relevant background areas is an advantage: cryptography, algebra, algebraic number theory or coding theory. Programming skills in the Magma or SageMath software are an advantage. Candidates must be team workers and able to conduct independent research.

Information and application. All candidates should include their full CV and transcripts and send them to Dr Chik How Tan, tsltch@nus.edu.sg. The application deadline is 15 May 2023. We encourage early applications, and review of applications will begin immediately. Only shortlisted applicants will be notified.

Closing date for applications:

Contact: Dr Chik How Tan (tsltch@nus.edu.sg)

Technical University of Darmstadt, Germany
Job Posting

The Cryptography and Privacy Engineering Group (ENCRYPTO) @Department of Computer Science @TU Darmstadt offers a full position for a Postdoctoral Researcher in Cryptography & Privacy Engineering, available immediately and initially until 31.1.2025.

Our mission is to demonstrate that privacy can be efficiently protected in real-world applications via cryptographic protocols.

TU Darmstadt is a top research university for IT security, cryptography and computer science in Europe. The position is based in the City of Science Darmstadt, which is very international, livable and well-connected in the Rhine-Main area around Frankfurt. Knowledge of German is helpful, but not required, and TU Darmstadt offers a Welcome Center and language courses.

Job description

As postdoc @ENCRYPTO, you conduct research, build prototype implementations, and publish and present the results at top venues. You are involved in project management and teaching, co-advise PhD students, and supervise thesis students and student research assistants. The position is co-funded by the ERC Starting Grant “Privacy-preserving Services on the Internet” (PSOTI), where we build privacy-preserving services on the Internet, which includes designing protocols for privately processing data among untrusted service providers using secure multi-party computation and implementing a scalable framework.

Your profile
  • Completed PhD degree (or equivalent) at a top university in IT security, computer science, applied mathematics, electrical engineering, or a similar area
  • Publications at top venues (CORE rank A*/A) for IT security/applied cryptography (e.g., EUROCRYPT, S&P, CCS, NDSS, USENIX SEC), ideally on cryptographic protocols and secure computation
  • Experience in software development, project management and supervising students
  • Self-motivated, reliable, creative, can work in a team, and want to do excellent research on challenging scientific problems with practical relevance
  • The working language at ENCRYPTO is English, so you must be able to discuss/write/present scientific results in English, whereas German is not required.

Closing date for applications:

Contact: Thomas Schneider (application@encrypto.cs.tu-darmstadt.de)

More information: https://encrypto.de/POSTDOC

Spetses, Greece, 21 May - 26 May 2023
Event Calendar
Event date: 21 May to 26 May 2023
Voss, Norway, 3 September - 8 September 2023
Event Calendar
Event date: 3 September to 8 September 2023
Submission deadline: 15 April 2023
Notification: 15 June 2023
Groningen, Netherlands, 29 November - 1 December 2023
Event Calendar
Event date: 29 November to 1 December 2023
Submission deadline: 27 July 2023
Quito, Ecuador, 2 October - 6 October 2023
Event Calendar
Event date: 2 October to 6 October 2023
Submission deadline: 27 May 2023
Notification: 22 July 2023
College Park, USA, 14 August - 18 August 2023
Event Calendar
Event date: 14 August to 18 August 2023
Submission deadline: 12 April 2023
Notification: 21 June 2023
College Park, Maryland, USA, 16 August - 18 August 2023
Event Calendar
Event date: 16 August to 18 August 2023
Submission deadline: 24 April 2023
Notification: 5 June 2023

16 March 2023

Lucianna Kiffer, Joachim Neu, Srivatsan Sridhar, Aviv Zohar, David Tse
ePrint Report
Given a network of nodes with certain communication and computation capacities, what is the maximum rate at which a blockchain can run securely? We study this question for proof-of-work (PoW) and proof-of-stake (PoS) longest chain protocols under a ‘bounded bandwidth’ model which captures queuing and processing delays due to high block rate relative to capacity, bursty release of adversarial blocks, and in PoS, spamming due to equivocations.

We demonstrate that security of both PoW and PoS longest chain, when operating at capacity, requires carefully designed scheduling policies that correctly prioritize which blocks are processed first, as we show attack strategies tailored to such policies. In PoS, we show an attack exploiting equivocations, which highlights that the throughput of the PoS longest chain protocol with a broad class of scheduling policies must decrease as the desired security error probability decreases. At the same time, through an improved analysis method, our work is the first to identify block production rates under which PoW longest chain is secure in the bounded bandwidth setting. We also present the first PoS longest chain protocol, SaPoS, which is secure with a block production rate independent of the security error probability, by using an ‘equivocation removal’ policy to prevent equivocation spamming.
Edward Eaton, Tancrède Lepoint, Christopher A. Wood
ePrint Report
Digital signatures are fundamental components of public key cryptography. They allow a signer to generate verifiable and unforgeable proofs---signatures---over arbitrary messages with a private key, and allow recipients to verify the proofs against the corresponding and expected public key. These properties are used in practice for a variety of use cases, ranging from identity or data authenticity to non-repudiation. Unsurprisingly, signature schemes are widely used in security protocols deployed on the Internet today.

In recent years, some protocols have extended the basic syntax of signature schemes to support key blinding, a.k.a., key randomization. Roughly speaking, key blinding is the process by which a private signing key or public verification key is blinded (randomized) to hide information about the key pair. This is generally done for privacy reasons and has found applications in Tor and Privacy Pass.

Recently, Denis, Eaton, Lepoint, and Wood proposed a technical specification for signature schemes with key blinding in an IETF draft. In this work, we analyze the constructions in this emerging specification. We demonstrate that the constructions provided satisfy the desired security properties for signature schemes with key blinding. We experimentally evaluate the constructions and find that they introduce a very reasonable 2-3x performance overhead compared to the base signature scheme. Our results complement the ongoing standardization efforts for this primitive.
Theodoros Kapourniotis, Elham Kashefi, Dominik Leichtle, Luka Music, Harold Ollivier
ePrint Report
Secure multi-party computation (SMPC) protocols allow several parties that distrust each other to collectively compute a function on their inputs. In this paper, we introduce a protocol that lifts classical SMPC to quantum SMPC in a composably and statistically secure way, even for a single honest party. Unlike previous quantum SMPC protocols, our proposal only requires very limited quantum resources from all but one party; it suffices that the weak parties, i.e. the clients, are able to prepare single-qubit states in the X-Y plane. The novel quantum SMPC protocol is constructed in a naturally modular way, and relies on a new technique for quantum verification that is of independent interest. This verification technique requires the remote preparation of states only in a single plane of the Bloch sphere. In the course of proving the security of the new verification protocol, we also uncover a fundamental invariance that is inherent to measurement-based quantum computing.
Nerla Jean-Louis, Yunqi Li, Yan Ji, Harjasleen Malvai, Thomas Yurek, Sylvain Bellemare, Andrew Miller
ePrint Report
TEE-based smart contracts are an emerging blockchain architecture, offering fully programmable privacy with better performance than alternatives like secure multiparty computation. They can also support compatibility with existing smart contract languages, such that existing (plaintext) applications can be readily ported, picking up privacy enhancements automatically. While previous analyses of TEE-based smart contracts have focused on failures of the TEE itself, we asked whether other aspects might be understudied. We focused on state consistency, a concern area highlighted by Li et al., as well as new concerns including access pattern leakage and software upgrade mechanisms. We carried out a code review of a cohort of four TEE-based smart contract platforms. These include Secret Network, the first to market with in-use applications, as well as Oasis, Phala, and Obscuro, which have at least released public test networks.

The first and most broadly applicable result is that access pattern leakage occurs when handling persistent contract storage. On Secret Network, its fine-grained access pattern is catastrophic for the transaction privacy of SNIP-20 tokens. If ERC-20 tokens were naively ported to Oasis they would be similarly vulnerable; the others in the cohort leak coarse-grained information at approximately the page level (4 kilobytes). Improving and characterizing this will require adopting techniques from ORAMs or encrypted databases. Second, the importance of state consistency has been underappreciated, in part because exploiting such vulnerabilities is thought to be impractical. We show they are fully practical by building a proof-of-concept tool that breaks all advertised privacy properties of SNIP-20 tokens, able to query the balance of individual accounts and the token amount of each transfer. We additionally demonstrate MEV attacks against the Sienna Swap application. As a final consequence of lacking state consistency, the developers have inadvertently introduced a decryption backdoor through their software upgrade process. We have helped the Secret developers mitigate this through a coordinated vulnerability disclosure, after which their transaction replay defense is roughly on par with the rest.
Stefan Ritterhoff, Georg Maringer, Sebastian Bitzer, Violetta Weger, Patrick Karl, Thomas Schamberger, Jonas Schupp, Antonia Wachter-Zeh
ePrint Report
In this work we introduce a new code-based signature scheme, called FuLeeca, based on the NP-hard problem of finding low Lee-weight codewords. The scheme follows the Hash-and-Sign approach applied to quasi-cyclic codes of small Lee-weight density. Similar approaches in the Hamming metric have suffered statistical attacks, which reveal the small support of the secret basis. Using the Lee metric we are able to thwart such attacks. We use existing hardness results on the underlying problem and study adapted statistical attacks. We propose parameters for FuLeeca and compare them to the best known post-quantum signature schemes. This comparison reveals that FuLeeca is extremely competitive. For example, for NIST category I, i.e., 160 bits of classical security, we obtain an average signature size of 276 bytes and public key sizes of 389 bytes. This not only outperforms all known code-based signature schemes, but also the signature schemes Dilithium, Falcon and SPHINCS+ selected by NIST for standardization.
Thomas Decru, Sabrina Kunzweiler
ePrint Report
The parametrization of $(3,3)$-isogenies by Bruin, Flynn and Testa requires over 37,500 multiplications if one wants to evaluate a single isogeny at a point. We simplify their formulae and reduce the number of required multiplications by 94%. Further, we deduce explicit formulae for evaluating $(3,3)$-splitting and gluing maps in the framework of the parametrization by Bröker, Howe, Lauter and Stevenhagen. We provide implementations to compute $(3^n,3^n)$-isogenies between principally polarized abelian surfaces with a focus on cryptographic application. Our implementation can retrieve Alice's secret isogeny in 11 seconds for the SIKEp751 parameters, which were aimed at NIST level 5 security.