International Association
for Cryptologic Research

\ascon is the final winner of the lightweight cryptography standardization competition $(2018-2023)$. In this paper, we focus on preimage attacks against round-reduced \ascon. The preimage attack framework, utilizing the linear structure with the allocating model, was initially proposed by Guo \textit{et al.} at ASIACRYPT 2016 and subsequently improved by Li \textit{et al.} at EUROCRYPT 2019, demonstrating high effectiveness in breaking the preimage resistance of \keccak. In this paper, we extend this preimage attack framework to \ascon from two aspects. Firstly, we propose a linearize-and-guess approach by analyzing the algebraic properties of the \ascon permutation. As a result, the complexity of finding a preimage for 2-round \ascon-\xof with a 64-bit hash value can be significantly reduced from $2^{39}$ guesses to $2^{27.56}$ guesses. To support the effectiveness of our approach, we find an actual preimage of all ‘0’ hash in practical time. Secondly, we develop a SAT-based automatic preimage attack framework using the linearize-and-guess approach, which is efficient to search for the optimal structures exhaustively. Consequently, we present the best theoretical preimage attacks on 3-round and 4-round \ascon-\xof so far.

In the Random Oracle Model (ROM) all parties have oracle access to a common random function, and the parties are limited in the number of queries they can make to the oracle. The Merkle’s Puzzles protocol, introduced by Merkle [CACM ’78], is a key-agreement protocol in the ROM with a quadratic gap between the query complexity of the honest parties and the eavesdropper. This quadratic gap is known to be optimal, by the works of Impagliazzo and Rudich [STOC ’89] and Barak and Mahmoody [Crypto ’09].

When the oracle function is injective or a permutation, Merkle’s Puzzles has perfect completeness. That is, it is certain that the protocol results in agreement between the parties. However, without such an assumption on the random function, there is a small error probability, and the parties may end up holding different keys. This fact raises the question: Is there a key-agreement protocol with perfect completeness and super-linear security in the ROM?

In this paper we give a positive answer to the above question, showing that changes to the query distribution of the parties in Merkle’s Puzzles, yield a protocol with perfect completeness and roughly the same security.

We slightly generalize Plonk's ([GWC19]) permutation argument by replacing permutations with (possibly non-injective) self-maps of an interval. We then use this succinct argument to obtain a protocol for weighted sums on committed vectors, which, in turn, allows us to eliminate the intermediate gates arising from high fan-in additions in Plonkish circuits.

We use the KZG10 polynomial commitment scheme, which allows for a universal updateable CRS linear in the circuit size. In keeping with our recent work ([Th23]), we have used the monomial basis since it is compatible with any sufficiently large prime scalar field. In settings where the scalar field has a suitable smooth order subgroup, the techniques can be efficiently ported to a Lagrange basis.

The proof size is constant, as is the verification time which is dominated by a single pairing check. For committed vectors of length $n$, the proof generation is $O(n\cdot \log(n))$ and is dominated by the $\mathbb{G}_1$-MSMs and a single sum of a few polynomial products over the prime scalar field via multimodular FFTs.

Wave is a code-based digital signature scheme. Its hardness relies on the unforgeability of signature and the indistinguishability of its public key, a parity check matrix of a ternary $(U, U+V)$-code. The best known attacks involve solving the Decoding Problem using the Information Set Decoding algorithm (ISD) to defeat these two problems. Our main contribution is the description of a quantum smoothed Wagner's algorithm within the ISD, which improves the forgery attack on Wave in the quantum model. We also recap the best known key and forgery attacks against Wave in the classical and quantum models. For each one, we explicitly express their time complexity in the function of Wave parameters and deduce the claimed security of Wave.

We present Phoenixx, a round and leader based Byzantine fault tolerant consensus protocol, that operates in the partial synchrony network communications model. Phoenixx combines the three phase approach from HotStuff, with a novel \textit{Endorser Sampling}, that selects a subset of nodes, called \textit{endorsers}, to ``compress'' the opinion of the network.

Unlike traditional sampling approaches that select a subset of the network to run consensus on behalf of the network and disseminate the outcome, Phoenixx still requires participation of the whole network. The endorsers, however, assume a special role as they confirm that at least $2f+1$ validators are in agreement and issue a compressed certificate, attesting the network reached a decision. Phoenixx achieves linear communication complexity, while maintaining safety, liveness, and optimistic responsiveness, without using threshold signatures.

We generalize the Bernstein-Yang (BY) algorithm for constant-time modular inversion to compute the Kronecker symbol, of which the Jacobi and Legendre symbols are special cases. We start by developing a basic and easy-to-implement divstep version of the algorithm defined in terms of full-precision division steps. We then describe an optimized version due to Hamburg over word-sized inputs, similar to the jumpdivstep version of the BY algorithm, and formally verify its correctness. Along the way, we introduce a number of optimizations for implementing both versions in constant time and at high-speed. The resulting algorithms are particularly suitable for the special case of computing the Legendre symbol with dense prime $p$, where no efficient addition chain is known for the conventional approach by exponentiation to $\frac{p-1}{2}$. This is often the case for the base field of popular pairing-friendly elliptic curves. Our high-speed implementation for a range of parameters shows that the new algorithm is up to 40 times faster than the conventional exponentiation approach, and up to 25.7\% faster than the previous state of the art. We illustrate the performance of the algorithm with an application for hashing to elliptic curves, where the observed savings amount to 14.7\% -- 48.1\% when used for testing quadratic residuosity within the SwiftEC hashing algorithm. We also apply our techniques to the CTIDH isogeny-based key exchange, with savings of 3.5--13.5\%.

The Cryptography and Privacy Engineering Group (ENCRYPTO) @CS Department @Technical University of Darmstadt offers a fully funded position as Doctoral Researcher (Research Assistant/PhD Student) in Cryptography and Privacy Engineering to be filled as soon as possible and initially for 3 years with the possibility of extension.

Job description:

You'll work in the collaborative research center CROSSING funded by the German Research Foundation (DFG). In our project E4 Compiler for Privacy-Preserving Protocols, we build compilers to automatically generate optimized MPC protocols for privacy-preserving applications. See https://encrypto.de/CROSSING for details. As PhD@ENCRYPTO, you primarily focus on your research aiming to publish&present the results at top venues.

We offer:

We demonstrate that privacy is efficiently protectable in real-world applications via cryptographic protocols. Our open and international working environment facilitates excellent research in a sociable team. TU Darmstadt is a top research university for IT security, cryptography and CS in Europe. Darmstadt is a very international, livable and well-connected city in the Rhine-Main area around Frankfurt.

Your profile:

• Completed Master's degree (or equivalent) at a top university with excellent grades in IT security, computer science, or a similar area.
• Extensive knowledge in applied cryptography/IT security and very good software development skills. Knowledge in cryptographic protocols (ideally MPC) is a plus.
• Experience and interest to engage in teaching.
• Self-motivated, reliable, creative, can work independently, and striving to do excellent research.
• Our working language is English: Able to discuss/write/present scientific results in English. German is beneficial but not required.

Application deadline: Sep 30, 2023. Later applications are considered.

Closing date for applications:

Contact: Thomas Schneider (application@encrypto.cs.tu-darmstadt.de)

More information: https://encrypto.de/2023-CROSSING

The Cryptography and Privacy Engineering Group (ENCRYPTO) @Department of Computer Science @TU Darmstadt offers a fully funded position for a Postdoctoral Researcher, to be filled asap and initially til January 31, 2025 with the potential of extension.

Our mission is to demonstrate that privacy can be efficiently protected in real-world applications via cryptographic protocols.

TU Darmstadt is located in the center of Germany and is a top research university for IT security, cryptography, and computer science. No German language skills are necessary and we established a hybrid working mode flexibly combining mobile work and in-presence time in office depending on individual preferences.

Job description:

As postdoc @ENCRYPTO, your primary focus is on collaborations with our PhDs and external international collaborators for cutting-edge research in applied cryptography as well as the publication and presentation of the results at top-tier security and cryptography conferences/journals. In our ERC-funded project PSOTI, we develop protocols for privately processing data among untrusted service providers using MPC. Examples are privacy-preserving alternatives for common applications such as email, file sharing, and forms. Also, the active research field of PPML is of high relevance for our group.

Your profile

• Completed PhD degree (or equivalent) at a top university in IT security, computer science, applied mathematics, electrical engineering, or a similar area
• Publications at top venues (CORE rank A*/A) for IT security/applied cryptography (e.g., EUROCRYPT, S&P, CCS, NDSS, USENIX SEC), ideally on cryptographic protocols and secure computation
• Experience in software development, project management and supervising students
• Self-motivated, reliable, creative, team-minded, and want to do excellent research on challenging scientific problems with practical relevance
• The working language at ENCRYPTO is English, so you must be able to discuss/write/present scientific results in English, whereas German is not required.

Closing date for applications:

Contact: Thomas Schneider (application@encrypto.cs.tu-darmstadt.de)

More information: https://encrypto.de/POSTDOC

The Research Institute CODE (https://www.unibw.de/code), established in 2017, with currently 15 professorships and over 130 researchers, is being expanded to one of the largest European research institutes for cyber security.

For a newly established professorship in Cryptography, Daniel Slamanig is seeking multiple PhD and Post-Doc researchers. Relevant topics include:

• Public-key cryptographic primitives
• Malleable and updatable cryptography
• Foundations and applications of privacy-preserving cryptography
• Post-quantum cryptography
• (Non-interactive) Zero-knowledge proofs and zk-SNARKs
• Real-world cryptography

Candidates are expected to do cutting edge research in cryptography. We offer the opportunity to engage with research projects and international partners from academia and industry. Candidates will also gain experience with supporting teaching activities.

Requirements:

• Master's degree (or equivalent) or PhD in Mathematics, Computer Science, Information Security, or a similar discipline.
• PostDoc candidates must have a strong track record (ideally with publications at IACR conferences and/or the top 4 security conferences) and good academic writing and presentation skills.
• High motivation for research work and ability to work independently.
• Good organisation and communication skills.
• Eager to disseminate research results through publications and presentations at top-tier conferences.
• Fluency in written and spoken English (German desirable but not required).

All positions are available for start from November 2023 (flexible) and are fully funded at federal salary levels TV-ÖD E13/14 (~50k to 65k EUR p.a. depending on qualifications and experience).

How to apply? Send a mail to Daniel Slamanig with subject line "Application UniBWM" including your cover/motivation letter, CV, transcripts of grades, and references.

Closing date for applications: Applications will be reviewed until the positions are filled.

Closing date for applications:

Contact: Daniel Slamanig (daniel.slamanig [AT] gmail.com)

More information: https://danielslamanig.info/

Applications are invited for the MS and Ph.D. positions in Information Security at the Department of Computer Science and Engineering, National Sun Yat-sen University, Kaohsiung, Taiwan. The successful candidate will work under the guidance of Dr. Arijit Karati on diverse topics in Applied Cryptology.

Responsibilities: Apart from academic work, the student must involve in several activities in a group or individually, such as (not limited to):

Design and implementation of security protocol.

Assessment of the security and performance metric.

Meeting with the supervisor.

Requirements: Apart from the university's basic admission policies (https://cse.nsysu.edu.tw/?Lang=en), students are desired to have the following key requirements:

Strong motivation on information security.

Knowledge of modern technology.

Knowledge of Basic mathematics for cryptography.

Knowledge of at least two programming languages, such as Python/Java/C/C++.

Scholarship:

Under the university policy.

Project funding (based on availability for master students).

What students can expect:

Cooperation from the supervisor and lab mates.

The rich culture in research and related activities.

Flexibility in communication, e.g., English.

What the supervisor can expect: Apart from academic and research works, students are expected to have

Good moral character.

Hardworking and dedication.

Closing date for applications:

Contact: Dr. Arijit Karati (arijit.karati@mail.cse.nsysu.edu.tw)

Applications are invited for the Postdoc position in applied cryptography at the Department of Computer Science and Engineering, National Sun Yat-sen University, Kaohsiung, Taiwan. Applicants with experience in at least one of the following areas are preferred: automotive security, lightweight security, quantum-resistant cryptography, developing novel cryptographic primitives and protocols, side-channel analysis, digital design on FPGA, and machine learning attacks for safety applications. Applicants require knowledge of formal security analysis, secure coding, and practical application domain security integration.

Essential Qualifications:

PhD degree in CSE/Mathematics/IT/electrical engineering with a specialization in Information/Network Security from a reputable Institution.

Outstanding track record of publications in Journals (preferably JCR-Q1 or prestigious IEEE journals) and security-related conferences.

Closing date for applications:

Contact: Dr. Arijit Karati (arijit.karati@mail.cse.nsysu.edu.tw)

Monash cybersecurity group has several openings for PhD positions. The topics of interest are

1. Post-quantum cryptography (based on lattices and/or hash) and its applications
2. Privacy-enhancing technologies (e.g. zero-knowledge proofs) and their applications

We provide

1. highly competitive tuition fee and stipend scholarships
2. opportunities to collaborate with leading academic and industry experts in the related areas
3. opportunities to participate in international grant-funded projects
4. collaborative and friendly research environment
5. an opportunity to live/study in one of the most liveable and safest cities in the world

The positions will be filled as soon as suitable candidates are found.

Requirements. A strong mathematical and cryptography background is required. Some knowledge/experience in coding (for example, Python, C/C++, SageMath) is a plus. Candidates must have completed (or be about to complete within the next 6 months) a significant research component either as part of their undergraduate (honours) degree or masters degree. They should have excellent English verbal and written communication skills.

How to apply. Please fill in the following form (also clickable from the advertisement title): https://docs.google.com/forms/d/e/1FAIpQLSetFZLvDNug5SzzE-iH97P9TGzFGkZB-ly_EBGOrAYe3zUYBw/viewform?usp=sf_link

Closing date for applications:

Contact: Ron Steinfeld

More information: https://docs.google.com/forms/d/e/1FAIpQLSetFZLvDNug5SzzE-iH97P9TGzFGkZB-ly_EBGOrAYe3zUYBw/viewform?usp=sf_link

A scholarship is available for a strong candidate interested in doing a PhD in privacy-preserving machine learning at Monash University in Melbourne (frequently ranked among the most liveable cities in the world).

Closing date for applications:

Contact: Rafael Dowsley Email: rafael.dowsley@monash.edu

Industrial control systems (ICS) operate critical infrastructures, such as railway networks, gas and electricity grids. Although these systems perform critical functions, many still use legacy embedded systems to perform their tasks. An ICS operator can connect commercial off-the-shelf (COTS) devices to the ICS network directly through USB or serial connection or remotely through a virtual private network. For example, an electricity utility company may depend on its staff to use their hand-held devices to install or maintain (e.g. troubleshooting) smart meters. COTS devices are usually internet connected devices and hence, can be compromised by an attacker. Such compromised COTS device can be used to launch attacks on legacy embedded systems and its ecosystem. In this project, we will use existing Trusted Execution Environment (TEE) on COTS devices and implement a framework which will allow the use of the COTS devices without any compromise on trust. In this case, the ICS operator will issue the applications for the COTS operator that will be able to communicate with the ICS devices using the required protocol and perform the necessary maintenance tasks. The project work will involve proposing novel architectural solution and/or novel operating system-based solution.

Closing date for applications:

Contact: Arnab Kumar Biswas

More information: https://www.qub.ac.uk/courses/postgraduate-research/phd-opportunities/a-trusted-execution-environment-based-framework-for-securing-legacy-embedded-systems.html

Traditional satellite communication network involves mainly two or three segments – the satellite, ground station and possible ground users. This method of communication has several disadvantages from resource usage point of view. As a solution, federated satellite system concept is introduced. Under this concept, several satellites from different organisations can cooperate to increase resource utilization under a profitable business agreement (e.g., usage-based pricing). This cooperation model is further extended by multi-tenant spacecraft concept where several users can reuse the resources of same spacecraft. But all these scenarios also require robust security solutions so that malicious actors cannot profit from any existing vulnerabilities in the whole system for example during routing, network access, and handover. This project aims to solve this security problem and to help the sector to grow further. In this project, the student will develop novel computer architecture required to support the security protocols proposed and/or standardized by CCSDS and will also propose new protocols. The student will also work on Software defined Satellite networking to enable programmability and reconfigurability of the system. The work will involve design of novel computer architecture and/or novel operating system and/or novel multiparty security protocol.

Closing date for applications:

Contact: Arnab Kumar Biswas

More information: https://www.qub.ac.uk/courses/postgraduate-research/phd-opportunities/secure-multitenant-and-federated-satellite-system.html

Event date: 11 October to 13 October 2023

Event date: 10 December to 13 December 2023
Submission deadline: 7 September 2023
Notification: 15 October 2023

The question of whether public-key encryption (PKE) can be constructed from the assumption that one-way functions (OWF) exist remains a central open problem. In this paper we give two constructions of bit PKE scheme derived from any NP language L, along with a polynomial-time instance-witness sampling algorithm. Furthermore, we prove that if L is average hard NP language, the the presented schemes is CPA secure. Our results give a positive answer to this longstanding problem, as the existence of OWF implies the existence of average hard NP language with a polynomial-time instance-witness sampling algorithm.

Additionally, we obtain a witness encryption (WE) scheme for NP language based on the presented PKE scheme. This result highlights that WE scheme can also be established based on the existence of OWF.

Recently, the FinTracer algorithm was introduced as a versatile framework for detecting economic crime typologies in a privacy-preserving fashion. Under the hood, FinTracer stores its data in a structure known as the ``FinTracer tag’’. One limitation of FinTracer tags, however, is that because their underlying cryptographic implementation relies on additive semi-homomorphic encryption, all the system's oblivious computations on tag data are linear in their input ciphertexts. This allows a FinTracer user to combine information from multiple tags in some ways, but not generically. In this paper, we describe an efficient method to perform general nonlinear computations on FinTracer tags, and show how this ability can be used to detect a wide range of complex crime typologies, as well as to extract many new types of information, while retaining all of FinTracer's original privacy guarantees.

Oblivious sorting is arguably the most important building block in the design of efficient oblivious algorithms. We propose new oblivious sorting algorithms for hardware enclaves. Our algorithms achieve asymptotic optimality in terms of both computational overhead and the number of page swaps the enclave has to make to fetch data from insecure memory or disk. We also aim to minimize the concrete constants inside the big-O. One of our algorithms achieve bounds tight to the constant in terms of the number of page swaps. We have implemented our algorithms and made them publicly available through open source. In comparison with (an unoptimized version of) bitonic sort, which is asymptotically non-optimal but the de facto algorithm used in practice, we achieve a speedup of 2000 times for 12 GB inputs.