International Association
for Cryptologic Research

When Satoshi Nakamoto introduced Bitcoin, a central tenet was that the blockchain functions as a timestamping server. In the Ethereum era, smart contracts widely assume on-chain timestamps are mostly accurate. In this paper, we prove this is indeed the case, namely that recorded timestamps do not wildly deviate from real-world time, a property we call timeliness. Assuming a global clock, we prove that all popular mechanisms for constructing blockchains (proof-of-work, longest chain proof-of-stake, and quorum-based proof-of-stake) are timely under honest majority, but a synchronous network is a necessary condition. Next we show that all timely blockchains can be suitably modified, in a black-box fashion, such that all honest parties output exactly the same ledgers at the same round, achieving a property we call supersafety, which may be of independent interest. Conversely, we also show that supersafety implies (perfect) timeliness, completing the circle.

Over the last decades, fault injection attacks have been demonstrated to be an effective method for breaking the security of electronic devices. Some types of fault injection attacks, like clock and voltage glitching, require very few resources by the attacker and are practical and simple to execute. A cost-effective countermeasure against these attacks is the use of a detector circuit which detects timing violations - the underlying effect that glitch attacks rely on. In this paper, we take a closer look at three examples of such detectors that have been presented in the literature. We demonstrate four high-speed clock glitching attacks, which successfully inject faults in systems, where detectors have been implemented to protect. The attacks remain unnoticed by the glitch detectors. We verify our attacks with practical experiments on an FPGA.

Proof-carrying data (PCD) is a powerful cryptographic primitive that allows mutually distrustful parties to perform distributed computation in an efficiently verifiable manner. Applications of PCD have sparked keen interest within the applied community and industry.

Known constructions of PCD are obtained by recursively-composing SNARKs or related primitives. Unfortunately, these constructions do not come with security analyses that yield useful concrete security bounds, leaving practitioners in the dark about how to securely instantiate PCD constructions.

In this work we study the concrete security of recursive composition, with the goal of enabling practitioners to set efficient parameters for certain PCD constructions of practical interest. Our main result is that PCD obtained from SNARKs with \emph{straightline knowledge soundness} has essentially the same security as the underlying SNARK. In this setting, recursive composition incurs no security loss.

We describe how straightline knowledge soundness is achieved by SNARKs in several oracle models, including SNARKs that are deployed in practice. Crucially, SNARKs in these settings can be \emph{relativized}, allowing us to construct PCD without instantiating the SNARK's oracle explicitly. This results in a highly efficient security analysis of PCD that makes black-box use of the SNARK's oracle.

As a notable application, our work offers an idealized model that provides useful, albeit heuristic, guidance for setting the security parameters of \emph{recursive STARKs} currently used in blockchain systems.

In 2019, Wan, Liao, Yan and Tsai proposed an article ``Discrete Sliding Mode Control for Chaos Synchronization and Its Application to an Improved ElGamal Cryptosystem''. However, Wan et al. just renamed the variable names without modified the core algorithm. Their paper passed review phase and then published. For this case, it is difficult to detect this situation by computer/digital forensics techniques. In this paper the authors would like to point out this dilemmas.

Domain Generation Algorithms (DGAs) are used by malware to generate pseudorandom domain names to establish communication between infected bots and Command and Control servers. While DGAs can be detected by machine learning (ML) models with great accuracy, offering DGA detection as a service raises privacy concerns when requiring network administrators to disclose their DNS traffic to the service provider. We propose the first end-to-end framework for privacy-preserving classification as a service of domain names into DGA (malicious) or non-DGA (benign) domains. We achieve this through a combination of two privacy-enhancing technologies (PETs), namely secure multi-party computation (MPC) and differential privacy (DP). Through MPC, our framework enables an enterprise network administrator to outsource the problem of classifying a DNS domain as DGA or non-DGA to an external organization without revealing any information about the domain name. Moreover, the service provider's ML model used for DGA detection is never revealed to the network administrator. Furthermore, by using DP, we also ensure that the classification result cannot be used to learn information about individual entries of the training data. Finally, we leverage the benefits of quantization of deep learning models in the context of MPC to achieve efficient, secure DGA detection. We demonstrate that we achieve a significant speed-up resulting in a 15% reduction in detection runtime without reducing accuracy.

In the ever-evolving landscape of Information Technologies, private decentralized computing on an honest yet curious server has emerged as a prominent paradigm. While numerous schemes exist to safeguard data during computation, the focus has primarily been on protecting the confidentiality of the data itself, often overlooking the potential information leakage arising from the function evaluated by the server. Recognizing this gap, this article aims to address the issue by presenting and implementing an innovative solution for ensuring the privacy of both the data and the program. We introduce a novel approach that combines the power of Fully Homomorphic Encryption with the concept of the Turing Machine model, resulting in the first fully secure practical, non-interactive oblivious Turing Machine. Our Oblivious Turing Machine construction is based on only three hypothesis, the hardness of the Ring Learning With Error problem, the ability to homomorphically evaluate non-linear functions and the capacity to blindly rotate elements of a data structure. Only based on those three assumptions, we propose an implementation of an Oblivious Turing Machine relying on the TFHE cryptosystem and present some implementation results.

Fully homomorphic encryption is a promising solution for privacy-preserving computation. For BFV, BGV, and CKKS, three state-of-the-art fully homomorphic encryption schemes, the so-called key switching is one of the primary bottlenecks when evaluating homomorphic circuits. While a large body of work explores optimal selection for scheme parameters such as the polynomial degree or the ciphertext modulus, the realm of key switching parameters is relatively unexplored.

This work closes this gap, formally exploring the parameter space for BGV-like key switching. We introduce a new asymptotic bound for key switching complexity, thereby providing a new perspective on this crucial operation. We also explore the parameter space for the recently proposed double-decomposition technique by Kim et al. [24], which outperforms current state-of-the-art only in very specific circumstances. Furthermore, we revisit an idea by Gentry, Halevi, and Smart [19] switching primes in and out of the ciphertext and find novel opportunities for constant folding, speeding up key switching by up to 50% and up to 11.6%, respectively.

Symmetric Private Information Retrieval (SPIR) is a protocol that protects privacy during data transmission. However, the existing SPIR focuses only on the privacy of the data to be requested on the server, without considering practical factors such as the payload that may be present during data transmission. This could seriously prevent SPIR from being applied to many complex data scenarios and hinder its further expansion. To solve such problems, we propose a primitive (PSKPIR) for symmetric private keyword information retrieval based on private set intersection (PSI) that supports payload transmission and batch keyword search. Specifically, we combine probe-and-XOR of strings (PaXoS) and Oblivious Programmable PRF (OPPRF) to construct PSI with payload (PSI-Payload) not only satisfies client privacy and server privacy, but also facilitates efficient payload transmission. The client can efficiently generate symmetric keys locally using keywords in the intersection, and receive payloads with matching labels in batches. In addition, we provide security definitions for PSKPIR and use the framework of universal composability (UC) to prove security. Finally, we implement PSKPIR with sublinear communication costs in both LAN and WAN settings. Experimental results show that our payload transfer speed is 10× faster than previous work on sufficiently large data sets.

Event date: 12 June to 14 June 2024
Submission deadline: 19 January 2024
Notification: 15 March 2024

Event date: 24 March 2024

Event date: 17 January to 19 January 2024

Event date: 18 August to 22 August 2024

Event date: 5 March to 8 March 2024
Submission deadline: 11 November 2023
Notification: 10 December 2023

Two assistant professor (maître de conférences) positions in computer science will open at University of Lorraine in Spring 2024, with the common topic of security and safety. Hired persons will conduct their research on these topics within one of the teams of the Loria research lab [1] (Nancy). Teaching will take place at Mines Nancy for one of the two positions, and Polytech Nancy for the other one. At Mines Nancy, the hired person may choose to teach entirely in English.

All relevant detailed information about these positions will be posted online in due time.

Potential applicants are encouraged to reach out well in advance.

IMPORTANT (in particular for foreign applicants) Applicants must enter the "qualification" process [2] before Nov. 10, 4pm, in order to apply. The application deadline is in March 2024.

Newly hired assistant professors typically have a reduced teaching load for at least the first year.

Links:

• [1] https://www.loria.fr/
• [2] https://www.galaxie.enseignementsup-recherche.gouv.fr/ensup/cand_qualification_droit_commun.htm

Closing date for applications:

Contact: Emmanuel.Thome@loria.fr

Our chair performs research and teaching in the area of IT Security with a strong focus on Network Security and Online Privacy. Our goal is to advance the state of the art in research and to educate qualified computer scientists in the area of IT Security who are able to meet the challenges of the growing demand on securing IT Systems and provide data protection in various areas of our life and society. More information about us can be found at https://www.b-tu.de/en/fg-it-sicherheit.

Tasks:

• Active research in the area of intrusion detection systems (IDS) for critical infrastructures, secure cyber-physical systems, and artificial intelligence / machine learning for traffic analysis
• Implementation and evaluation of new algorithms and methods
• Cooperation and knowledge transfer with industrial partners
• Publication of scientific results
• Assistance with teaching

Requirements:

• Master’s degree (or equivalent) and PhD degree (only for PostDocs) in Computer Science or related disciplines
• Strong interest in IT security and/or networking and distributed systems
• Knowledge of at least one programming language (C++, Java, etc.) and one scripting language (Perl, Python, etc.) or strong willingness to quickly learn new programming languages
• Linux/Unix skills
• Knowledge of data mining, machine learning, statistics and result visualization concepts is of advantage
• Excellent working knowledge of English; German is of advantage
• Excellent communication skills

Applications containing the following documents:

• A detailed Curriculum Vitae
• Transcript of records from your Master studies
• An electronic version of your Master thesis, if possible
should be sent in a single PDF file as soon as possible, but not later than 09.11.2023 at itsec-jobs.informatik@lists.b-tu.de.

Closing date for applications:

Contact:

Applications should be sent in a single PDF file till 09.11.2023 at itsec-jobs.informatik@lists.b-tu.de

Applications sent to email addresses other than that will be automatically discarded.

More information: https://www.b-tu.de/fg-it-sicherheit

The School of Electrical and Electronic Engineering at Nanyang Technological University (NTU), Singapore invites applications for the position of Professor (Tenured) in “Quantum Sovereignty and Resilience (QUASAR)"

Responsibilities
The applicant is expected to possess an international reputation as a technological leader in the areas of quantum security technologies such as Quantum Cryptanalysis, Post-quantum Cryptography (PQC), Quantum Key Distribution Systems, Quantum-safe Communication and Privacy-preserving Computing, etc., and has an excellent record of distinguished academic and scholarly achievements in at least one area within quantum-safe cryptography or quantum communication system security. The job holder is expected to play a leading role to grow new capabilities, nurture innovative ideas and develop strategies jointly with other faculty members to attract funding and resources in the relevant areas of research.

Requirements

• A relevant PhD from a reputable university
• Extensive research and teaching experience in Computing, Communication and Data Space Security and Trust.
• Successful track record of academic/research leadership and team building
• Experience in cross-disciplinary research initiatives and collaboration
• Well-developed understanding of the priorities, operation and strategies of relevant funding bodies
• Strong network and ties with renowned international entities and organisations
• Internationally acclaimed with presentations such as plenary and/or keynote addresses at flagship conferences and prestigious journal publications.

Application
Application (cover letter, detailed CV including publication list, research and teaching statements, citation report, and/or any other documents) can be submitted through the NTU Workday career portal https://ntu.wd3.myworkdayjobs.com/Careers/job/NTU-Main-Campus-Singapore/Professor--Tenured--in--Quantum-Sovereignty-and-Resilience--QUASAR--_R00015067.
Only shortlisted candidates will be notified.

Closing date for applications:

Contact: Prof Chang Chip Hong

More information: https://ntu.wd3.myworkdayjobs.com/Careers/job/NTU-Main-Campus-Singapore/Professor--Tenured--in--Quantum-Sovereignty-and-Resilience--QUASAR--_R00015067/apply

The Security and Privacy Lab of the Department of Computer Science at the University of Innsbruck, Austria offers a doctoral (Phd student/University assistant) position in the area of Symmetric Cryptography for Secure and Private Computation. A successful candidate should have an excellent academic record from master's or equivalent curriculum in Mathematics, Computer Science, or related fields, and is expected to do cutting edge research in cryptography. Previous knowledge/experience in the area of cryptography or security is a plus.

The University of Innsbruck is located in the heart of the Alps, in the capital city of the Austrian state of Tyrol. The Security and Privacy Lab is engaged in research on a range of topics, including cryptography, privacy enhancing technologies (PETs) and digital currencies. Our working language is English.

How to apply? Formal application must be submitted via https://lfuonline.uibk.ac.at/public/karriereportal.details?asg_id_in=13843

Inquiries regarding the position and application to: arnab.roy[AT]uibk.ac.at

Closing date for applications:

Contact: Dr. Arnab Roy

More information: https://informationsecurity.uibk.ac.at/pdfs/vacancies/vacancy_note_MIP-13843.pdf

We are looking for a postdoc to work on one of the following topics:
- secret sharing schemes and information theory,
- side-channels attacks,
- acceleration of cryptographic primitives.
The successful candidates will be employed on a full-time contract starting at the beginning of 2024. The contract is for 2 years. The application deadline is November 25, 2023.
More details at https://crises-deim.urv.cat/web/positions

Closing date for applications:

Contact: Oriol Farràs (oriol.farras@urv.cat)

More information: https://crises-deim.urv.cat/web/positions

Applications are invited for a post-doctoral fellow position in any of these areas: cryptographic hardware/software systems, blockchain technology and digital payments. The successful candidate will join Professor Anwar Hasan’s research group at the University of Waterloo. Applicants with a recent Ph.D. in Computer Engineering, Computer Science or a related discipline, and publications at premium venues are encouraged to email pdf copies of their CVs and cover letters to Professor Anwar Hasan (ahasan at uwaterloo.ca). Application deadline: November 6, 2023 for full consideration. After this deadline, applications will be processed as they arrive.

Closing date for applications:

Contact: Anwar Hasan

Monash cybersecurity group has several openings for PhD positions. The topics of interest are

1. Post-quantum cryptography (based on lattices and/or hash) and its applications e.g. to blockchain
2. Privacy-enhancing technologies (e.g. zero-knowledge proofs) and their applications

We provide

1. highly competitive tuition fee and stipend scholarships
2. opportunities to collaborate with leading academic and industry experts in the related areas
3. opportunities to participate in international grant-funded projects
4. collaborative and friendly research environment
5. an opportunity to live/study in one of the most liveable and safest cities in the world

The positions will be filled as soon as suitable candidates are found.

Requirements. Strong mathematical and cryptography backgrounds are required. Some knowledge/experience in coding (for example, Python, C/C++, and/or SageMath) is a plus. Candidates must have completed (or be about to complete within the next 6 months) a significant research component either as part of their undergraduate (honours) degree or masters degree. They should have excellent English verbal and written communication skills.

How to apply. Please fill out the following form (also clickable from the advertisement title): https://docs.google.com/forms/d/e/1FAIpQLSetFZLvDNug5SzzE-iH97P9TGzFGkZB-ly_EBGOrAYe3zUYBw/viewform?usp=sf_link

Closing date for applications:

Contact: Ron Steinfeld

More information: https://docs.google.com/forms/d/e/1FAIpQLSetFZLvDNug5SzzE-iH97P9TGzFGkZB-ly_EBGOrAYe3zUYBw/viewform?usp=sf_link