International Association for Cryptologic Research
IACR News


11 November 2023

Gardanne, France, 9 April - 10 April 2024
Event Calendar
Event date: 9 April to 10 April 2024
Submission deadline: 8 December 2023
Notification: 26 January 2024

10 November 2023

Shiyuan Xu, Yibo Cao, Xue Chen, Yuer Yang, Siu-Ming Yiu
ePrint Report
Public key encryption with keyword search (PEKS), formalized by Boneh et al. [EUROCRYPT' 04], enables secure searching for specific keywords in the ciphertext. Nevertheless, in certain scenarios, varying user tiers are granted disparate data searching privileges, and administrators need to restrict the searchability of ciphertexts to select users exclusively. To address this concern, Jiang et al. [ACISP' 16] devised a variant of PEKS, namely public key encryption with authorized keyword search (PEAKS), wherein solely authorized users possess the ability to conduct targeted keyword searches. Nonetheless, it is vulnerable to quantum computing attacks. As a result, research focusing on authorizing users to search for keywords while achieving quantum security is far-reaching. In this work, we present a novel construction, namely lattice-based PEAKS (L-PEAKS), which is the first mechanism to permit the authority to authorize users to search different keyword sets while ensuring quantum-safe properties. Specifically, the keyword is encrypted with a public key, and each authorized user needs to obtain a search privilege from an authority. The authority distributes an authorized token to a user within a time period and the user will generate a trapdoor for any authorized keywords. Technically, we utilize several lattice sampling and basis extension algorithms to fight against attacks from quantum adversaries. Moreover, we leverage identity-based encryption (IBE) to alleviate the bottleneck of public key management. Furthermore, we conduct parameter analysis, rigorous security reduction, and theoretical complexity comparison of our scheme and perform comprehensive evaluations on a commodity machine for completeness. Our L-PEAKS satisfies IND-sID-CKA and T-EUF security and is efficient in terms of space and computation complexity compared to other existing primitives. Finally, we provide two potential applications to show its versatility.

08 November 2023

University of Wollongong, Institute of Cybersecurity and Cryptology; Wollongong, Australia
Job Posting
The Institute of Cybersecurity and Cryptology (iC2), University of Wollongong (UOW), Australia, is recruiting for a postdoc position in the standardisation and development of practical privacy-enhancing cryptographic techniques for cloud computing. The project will be led by Distinguished Professor Willy Susilo (UOW, Australia), Dr Khoa Nguyen (UOW, Australia), Dr Yannan Li (UOW, Australia), Dr Partha Sarathi Roy (UOW, Australia) and Professor Manindra Agrawal (IIT Kanpur, India). The research group at iC2, UOW is one of the largest research hubs in cryptography in Australia and the Asia-Pacific region. The group regularly publishes cutting-edge results at top conferences and journals on cryptography and cybersecurity. The position is initially for one year, with a competitive salary package and a possibility of further extension. The candidate must hold a PhD degree in cryptography or a related area and is expected to be familiar with security & privacy regulation frameworks and to have a solid background in privacy-preserving techniques. A strong publication record at recognised venues in cryptography and cybersecurity is a bonus. How to apply: Send your CV and a one-page description of why you are qualified to Dr Partha Sarathi Roy (partha@uow.edu.au). Deadline: 15 December 2023.

Closing date for applications:

Contact: Dr Partha Sarathi Roy (partha@uow.edu.au)

Simula UiB AS
Job Posting
Simula UiB (https://simula-uib.com) is a research centre in Cryptography and Information Theory located in Bergen, Norway. We are currently looking for an outstanding candidate for a PhD researcher position in the area of post-quantum cryptography. The successful candidate will work under the supervision of Carlos Cid and Håvard Raddum towards a PhD degree from the University of Bergen. The research topic will be the mathematical foundations of cryptographic algorithms designed to be secure against quantum computers. Specific research questions to address in the project will be discussed with the successful applicant, but may include themes like security assessment of standardised algorithms or encryption/signature schemes based on new mathematical problems believed to be hard to solve even for a quantum computer.

Simula UiB currently has 13 Early Career Researchers working on a range of research problems in cryptography and information theory, and can offer a vibrant, stimulating and inclusive working environment to the successful candidate.

This is a 3-year position, which may be extended to a 4-year position to include career enhancing work. In this case, the student will dedicate 25% of their total PhD period to compulsory work related to their research area. Examples of this work include teaching, outreach activities and applied research experiments. The decision of a 4th year and its particular nature will be discussed during recruitment, and agreed on with the candidate at the time of start.

Simula UiB offers:

- Generous support for travel and opportunities to build international networks.

- A competitive salary; starting salary from NOK 532 200.

- Numerous employee benefits, including access to company cabin, sponsored social events, equipment budget, and comprehensive travel/health insurance policy.

- Relocation assistance, including complimentary Norwegian language courses.

- Healthy wellness and work-life balance arrangements.

Closing date for applications:

Contact: Carlos Cid (carlos@simula.no)

More information: https://www.simula.no/careers/job-openings/phd-student-in-post-quantum-cryptography/


07 November 2023

Rovira i Virgili University, Tarragona, Spain
Job Posting
We seek to hire an outstanding PhD candidate. The successful candidate will participate in the activities of the CRISES research group, which focuses on theoretical advances in computer security and privacy. The University offers a 4-year PhD scholarship to work in an exciting international environment located in the sunny Mediterranean city of Tarragona, Spain.

Closing date for applications:

Contact: Dr. Rolando Trujillo at rolando.trujillo@urv.cat

More information: https://www.urv.cat/en/research/support/programmes/urv/programa-marti-franques/pipf/marti-franques-research-fellowship-programme-for-the-contracting-of-trainee-predoctoral-research-staff-2023-pipf-second-standard-edition/

Technische Universität Darmstadt, Germany
Job Posting

The newly established Implementation Security group is one of the core groups forming the faculty of Computer Science at the Technische Universität Darmstadt and the National Research Center for Applied Cybersecurity (ATHENE). The research focus of the group is on the security of implementations. A large part of our research is dedicated to hardware security, protection against physical attacks (side-channel analysis and fault-injection attacks), security analysis of real-world systems, particularly the Internet of Things, and efficient hardware and software implementation of cryptographic primitives. This includes various implementation platforms such as ASICs, FPGAs, and microprocessors.

The group is looking for excellent B.Sc. and M.Sc. graduates with outstanding grades and degrees in computer science, electrical engineering, and mathematics. In addition, we are looking for outstanding postdoctoral candidates from these fields. Initially, we offer three-year fully funded positions for B.Sc. and M.Sc. graduates. The expectation is to work towards a doctorate. Postdoctoral positions are initially offered on a 2-year contract. Both PhD and postdoctoral positions are subject to extension. The salary will be according to remuneration group E 13 TV-L (full time).

Our offerings:
  • Excellent research environment with award-winning scientists,
  • Open team culture,
  • Programs designed to support parents,
  • Support measures for women in IT security,
  • Excellent support for doctoral and postdoctoral researchers,
  • Opportunities for academic and professional development,
  • Budget for courses, conferences, equipment and international exchange.
Contact details for your application:

Are you interested? Please send your complete application documents in one single PDF file to: amir.moradi@tu-darmstadt.de. The required documents are: Curriculum Vitae, transcript of records of the B.Sc., transcript of records of the M.Sc. (if applicable), and two reference names (supervisors or other researchers with whom you have worked).

Closing date for applications:

Contact: Amir Moradi: (amir.moradi@tu-darmstadt.de)

University of St.Gallen, Switzerland
Job Posting
We are looking for a bright and motivated PhD student to work on topics in information security and cryptography.

The student is expected to work on topics that include security and privacy issues in authentication. More precisely, the student will be working on investigating efficient and privacy-preserving authentication that provides: i) provable security guarantees, and ii) rigorous privacy guarantees.

Key Responsibilities:
  • Perform exciting and challenging research in the domain of information security and cryptography.
  • Support and assist in teaching computer security and cryptography courses.
Profile:
  • The PhD student is expected to have an MSc degree or equivalent, and a strong background in cryptography, network security and mathematics.
  • Experience in one or more domains such as cryptography, design of protocols, secure multi-party computation and differential privacy is beneficial.
  • Excellent programming skills.
  • Excellent written and verbal communication skills in English.
The Chair of Cyber Security, https://cybersecurity.unisg.ch/, led by Prof. Katerina Mitrokotsa, is a part of the Institute of Computer Science (ICS) at the University of St.Gallen. Our research interests are centered around information security and applied cryptography, with the larger goal of safeguarding communications and providing strong privacy guarantees. We are currently active in multiple areas including the design of provably secure cryptographic protocols and cryptographic primitives that can be employed for reliable authentication, outsourcing computations in cloud-assisted settings, network security problems as well as secure and privacy-preserving machine learning. As a doctoral student you will be a part of the Doctoral School of Computer Science (DCS), https://dcs.unisg.ch.

The starting date for the position is flexible and the position comes with a very competitive salary. The selection process runs until a suitable candidate has been found.

Please apply by 20th November 2023 through the job portal (via link).

Closing date for applications:

Contact:
Please, all applications through the job portal (via link).
Eriane Breu (Administrative matters)
Prof. Katerina Mitrokotsa (Research related questions)

More information: https://jobs.unisg.ch/offene-stellen/funded-phd-student-in-applied-cryptography-privacy-preserving-authentication-m-f-d-m-w-d/6ce1d454-47ca-4710-a9f2-33429243b4ac

University of St.Gallen, Switzerland
Job Posting
There is an open call for a Postdoc position in the Cyber Security and Applied Cryptography research group at the Institute of Computer Science, University of St.Gallen, led by Prof. Katerina Mitrokotsa.

Our research interests are centered around information security and applied cryptography, with the larger goal of safeguarding communications and providing strong privacy guarantees. We are active in several areas, a subset of which include:
  • Verifiable computation
  • Secure, private and distributed aggregation
  • Secure multi-party computation
  • Privacy-preserving biometric authentication
  • Anonymous credentials
  • Distributed and privacy-preserving authentication
Candidates should have a strong background in applied cryptography and provable security, and be able to work independently as well as collaborate in a team. Applicants must hold a Ph.D., with contributions in the relevant research topics and publications in good venues.

The starting date for the position is flexible and the position comes with a very competitive salary. The selection process runs until a suitable candidate has been found. The University of St.Gallen conducts excellent research with international implications. The city of St.Gallen is located one hour from Zurich and offers a high quality of life.

Please apply by 20th November 2023 through the job portal (via link).

Closing date for applications:

Contact:
Please, all applications through the job portal (via link).
Eriane Breu (Administrative matters)
Prof. Katerina Mitrokotsa (Research related questions)

More information: https://jobs.unisg.ch/offene-stellen/postdoc-fellow-in-cryptography-information-security-m-f-d-m-w-d/831c6e8a-e191-48ec-92d5-320b2822a9ab


06 November 2023

Alessandro Chiesa, Ziyi Guan, Burcu Yıldız
ePrint Report
Parallel repetition refers to a set of valuable techniques used to reduce soundness error of probabilistic proofs while saving on certain efficiency measures. Parallel repetition has been studied for interactive proofs (IPs) and multi-prover interactive proofs (MIPs). In this paper we initiate the study of parallel repetition for probabilistically checkable proofs (PCPs).

We show that, perhaps surprisingly, parallel repetition of a PCP can increase soundness error, in fact bringing the soundness error to one as the number of repetitions tends to infinity. This "failure" of parallel repetition is common: we find that it occurs for a wide class of natural PCPs for NP-complete languages. We explain this unexpected phenomenon by providing a characterization result: the parallel repetition of a PCP brings the soundness error to zero if and only if a certain "MIP projection" of the PCP has soundness error strictly less than one. We show that our characterization is tight via a suitable example. Moreover, for those cases where parallel repetition of a PCP does bring the soundness error to zero, the aforementioned connection to MIPs offers preliminary results on the rate of decay of the soundness error.

Finally, we propose a simple variant of parallel repetition, called consistent parallel repetition (CPR), which has the same randomness complexity and query complexity as the plain variant of parallel repetition. We show that CPR brings the soundness error to zero for every PCP (with non-trivial soundness error). In fact, we show that CPR decreases the soundness error at an exponential rate in the repetition parameter.
Santiago Arranz Olmos, Gilles Barthe, Ruben Gonzalez, Benjamin Grégoire, Vincent Laporte, Jean-Christophe Lechenet, Tiago Oliveira, Peter Schwabe
ePrint Report
In this paper we revisit the problem of erasing sensitive data from memory and registers during return from a cryptographic routine. While the problem and the related attacker model are fairly easy to phrase, it turns out to be surprisingly hard to guarantee security in this model when implementing cryptography in common languages such as C/C++ or Rust. We revisit the issues surrounding zeroization and then present a principled solution in the sense that it guarantees that sensitive data is erased and it clearly defines when this happens. We implement our solution as an extension to the formally verified Jasmin compiler and extend the correctness proof of the compiler to cover zeroization. We show that the approach seamlessly integrates with state-of-the-art protections against microarchitectural attacks by integrating zeroization into Libjade, a cryptographic library written in Jasmin with systematic protections against timing and Spectre-v1 attacks. We present benchmarks showing that in many cases the overhead of zeroization is barely measurable and that it stays below 2% except for highly optimized symmetric crypto routines on short inputs.
Feng Li, Jianfeng Ma, Yinbin Miao, Pengfei Wu, Xiangfu Song
ePrint Report
Boolean Searchable Symmetric Encryption (BSSE) enables users to perform retrieval operations on encrypted data while supporting complex query capabilities. This paper focuses on addressing the storage overhead and privacy concerns associated with existing BSSE schemes. While Patel et al. (ASIACRYPT'21) and Bag et al. (PETS'23) introduced BSSE schemes that conceal the number of single keyword results, both of them suffer from quadratic storage overhead and neglect the privacy of search and access patterns. Consequently, an open question arises: Can we design a storage-efficient Boolean query scheme that effectively suppresses leakage, covering not only the volume pattern for singleton keywords, but also search and access patterns? In light of the limitations of existing schemes in terms of storage overhead and privacy protection, this work presents a novel solution called SESAME. It realizes efficient storage and privacy preservation based on Bloom filters and functional encryption. Moreover, we propose an enhanced version, SESAME+, which offers improved search performance. By rigorous security analysis of the leakage functions of our schemes, we provide a formal security proof. Finally, we implement our schemes and demonstrate that SESAME+ achieves superior search efficiency and reduced storage overhead.
Keegan Ryan, Kaiwen He, George Arnold Sullivan, Nadia Heninger
ePrint Report
We demonstrate that a passive network attacker can opportunistically obtain private RSA host keys from an SSH server that experiences a naturally arising fault during signature computation. In prior work, this was not believed to be possible for the SSH protocol because the signature included information like the shared Diffie-Hellman secret that would not be available to a passive network observer. We show that for the signature parameters commonly in use for SSH, there is an efficient lattice attack to recover the private key in case of a signature fault. We provide a security analysis of the SSH, IKEv1, and IKEv2 protocols in this scenario, and use our attack to discover hundreds of compromised keys in the wild from several independently vulnerable implementations.
Mingjie Chen, Yi-Fu Lai, Abel Laval, Laurane Marco, Christophe Petit
ePrint Report
Zero-knowledge proofs for NP statements are an essential tool for building various cryptographic primitives and have been extensively studied in recent years. In a seminal result from Goldreich, Micali and Wigderson (JACM'91), zero-knowledge proofs for NP statements can be built from any one-way function, but this construction leads to very inefficient proofs. To yield practical constructions, one often uses the additional structure provided by homomorphic commitments. In this paper, we introduce a relaxed notion of homomorphic commitments, called malleable commitments, which requires less structure to be instantiated. We provide a malleable commitment construction from the ElGamal-type isogeny-based group action (Eurocrypt'22). We show how malleable commitments with a group structure in the malleability can be used to build zero-knowledge proofs for NP statements, improving on the naive construction from one-way functions. We consider three representations: arithmetic circuits, rank-1 constraint systems and branching programs. This work gives the first attempt at constructing a post-quantum generic proof system from isogeny assumptions (the group action DDH problem). Though the resulting proof systems are linear in the circuit size, they possess interesting features such as non-interactivity, statistical zero-knowledge, and online-extractability.
Zhiwei Li, Jun Xu, Lei Hu
ePrint Report
In 2012, Ding, Xie and Lin designed a key exchange protocol based on the Ring-LWE problem, called the DXL key exchange protocol, which can be seen as an extended version of the Diffie-Hellman key exchange. In this protocol, Ding et al. achieved key exchange between the communicating parties according to the associativity of matrix multiplication, that is, $(x^T\cdot A)\cdot y = x^T\cdot (A\cdot y)$, where $x,y$ are column vectors and $A$ is a square matrix. However, the DXL key exchange protocol cannot resist key reuse attacks. At ESORICS 2022, Qin et al. proposed a method by which an adversary can recover the reused private key after forging the public keys several times. Nevertheless, Qin et al.'s method leads to a lot of redundant operations. In this paper, we improve Qin et al.'s method to a more general case and propose an effective approach to combine signal leakage attacks with depth-first search. Compared with the state-of-the-art result that appeared at ESORICS 2022, the number of private key reuses required has been decreased from 29 to 10. In other words, if the number of reuses exceeds 10, the private key will be recovered. Moreover, we validate the effectiveness of the results through experiments.
Jan Schoone, Joan Daemen
ePrint Report
The Boolean map $\chi_n \colon \mathbb{F}_2^n \to \mathbb{F}_2^n,\ x \mapsto y$ defined by $y_i = x_i + (x_{i+1}+1)x_{i+2}$ (where $i\in \mathbb{Z}/n\mathbb{Z}$) is used in various permutations that are part of cryptographic schemes, e.g., Keccak-f (the SHA-3-permutation), ASCON (the winner of the NIST Lightweight competition), Xoodoo, Rasta and Subterranean (2.0). In this paper, we study various algebraic properties of this map. We consider $\chi_n$ (through vectorial isomorphism) as a univariate polynomial. We show that it is a power function if and only if $n=1,3$. We furthermore compute bounds on the sparsity and degree of these univariate polynomials, and the number of different univariate representations. Secondly, we compute the number of monomials of given degree in the inverse of $\chi_n$ (if it exists). This number coincides with binomial coefficients. Lastly, we consider $\chi_n$ as a polynomial map, to study whether the same rule ($y_i = x_i + (x_{i+1}+1)x_{i+2}$) gives a bijection on field extensions of $\mathbb{F}_2$. We show that this is not the case for extensions whose degree is divisible by two or three. Based on these results, we conjecture that this rule does not give a bijection on any extension field of $\mathbb{F}_2$.
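As an added illustration (not code from the Schoone-Daemen paper), the following Python evaluates the rule $y_i = x_i + (x_{i+1}+1)x_{i+2}$ on $n$-bit vectors both literally and in the word-sliced form used by Keccak-style implementations, and exhaustively checks for which small $n$ the map is a bijection (and so has an inverse at all); the sample inputs in the test are constructed.

```python
# Added example, not part of the paper: the map chi_n from the abstract,
# y_i = x_i + (x_{i+1} + 1) * x_{i+2} over F_2 with indices taken mod n,
# applied to n-bit vectors packed into Python ints (bit i of the int holds x_i).


def chi(x: int, n: int) -> int:
    """Bit-by-bit evaluation of chi_n, following the formula literally."""
    y = 0
    for i in range(n):
        xi = (x >> i) & 1
        xi1 = (x >> ((i + 1) % n)) & 1
        xi2 = (x >> ((i + 2) % n)) & 1
        # over F_2, '+' is XOR and 'x + 1' is the complement of x
        y |= (xi ^ ((xi1 ^ 1) & xi2)) << i
    return y


def rotr(x: int, k: int, n: int) -> int:
    """Rotate the n-bit vector x so that bit i of the result is bit (i+k) mod n of x."""
    mask = (1 << n) - 1
    k %= n
    return ((x >> k) | (x << (n - k))) & mask


def chi_sliced(x: int, n: int) -> int:
    """Whole-vector evaluation, the form used in bit-sliced Keccak-style code:
    y = x XOR (NOT rot(x, 1) AND rot(x, 2))."""
    mask = (1 << n) - 1
    return (x ^ (~rotr(x, 1, n) & rotr(x, 2, n))) & mask


def is_bijection(n: int) -> bool:
    """Exhaustively check whether chi_n permutes F_2^n (feasible for small n)."""
    return len({chi(x, n) for x in range(1 << n)}) == (1 << n)


def inverse_table(n: int):
    """Brute-force inverse of chi_n as a dict y -> x, or None if chi_n is not bijective."""
    table = {}
    for x in range(1 << n):
        y = chi(x, n)
        if y in table:
            return None  # collision: two preimages, so no inverse exists
        table[y] = x
    return table


def bijective_sizes(max_n: int) -> list:
    """Return the n in 1..max_n for which chi_n is a bijection."""
    return [n for n in range(1, max_n + 1) if is_bijection(n)]


if __name__ == "__main__":
    print("chi_n is a bijection for n in", bijective_sizes(10))
    inv5 = inverse_table(5)
    print("preimage of 0b10110 under chi_5 is", bin(inv5[0b10110]))
```

For the sizes tested the check reproduces the known fact that $\chi_n$ is invertible exactly when $n$ is odd, which is why the abstract qualifies the inverse with "if it exists".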
Ivan Buchinskiy, Matvei Kotov, Alexander Treier
ePrint Report
Several key exchange protocols based on tropical circulant matrices were proposed in the last two years. In this paper, we show that protocols offered by M. Durcheva [M. I. Durcheva. TrES: Tropical Encryption Scheme Based on Double Key Exchange. In: Eur. J. Inf. Tech. Comp. Sci. 2.4 (2022), pp. 11–17], by B. Amutha and R. Perumal [B. Amutha and R. Perumal. Public key exchange protocols based on tropical lower circulant and anti-circulant matrices. In: AIMS Math. 8.7 (2023), pp. 17307–17334.], and by H. Huang, C. Li, and L. Deng [H. Huang, C. Li, and L. Deng. Public-Key Cryptography Based on Tropical Circular Matrices. In: Appl. Sci. 12.15 (2022), p. 7401] are insecure.
Yang Tan, Bo Lv
ePrint Report
Private Set Intersection Cardinality (PSI-CA) is a type of secure two-party computation. It enables two parties, each holding a private set, to jointly compute the cardinality of their intersection without revealing any other private information about their respective sets.

In this paper, we manage to break two PSI-CA protocols by recovering the specific intersection items in polynomial time. Among them, the PSI-CA protocol proposed by De Cristofaro et al. in 2012 is the most popular PSI-CA protocol based on the Google Scholar search results and it is still deemed one of the most efficient PSI-CA protocols.

In this paper, we also propose several solutions to these protocols' security problems.
Hadas Zeilberger, Binyi Chen, Ben Fisch
ePrint Report
Interactive Oracle Proofs of Proximity (IOPPs) are a powerful tool for constructing succinct non-interactive arguments of knowledge (SNARKs) in the random oracle model, which are fast and plausibly post-quantum secure. The Fast Reed-Solomon IOPP (FRI) is the most widely used in practice, while tensor-code IOPPs (such as Brakedown) achieve significantly faster prover times at the cost of much larger proofs. IOPPs are used to construct polynomial commitment schemes (PCS), which are not only an important building block for SNARKs but also have a wide range of independent applications.

This work introduces Basefold, a generalization of the FRI IOPP to a broad class of linear codes beyond Reed-Solomon, which we call $\textit{foldable linear codes}$. We construct a new family of foldable linear codes, which are a special type of randomly punctured Reed-Muller code, and prove tight bounds on their minimum distance. Finally, we introduce a new construction of a multilinear PCS from any foldable linear code, which is based on interleaving Basefold with the classical sumcheck protocol for multilinear polynomial evaluation. As a special case, this gives a new multilinear PCS from FRI.

In addition to these theoretical contributions, the Basefold PCS instantiated with our new foldable linear codes offers a more reasonable tradeoff between prover time, proof size, and verifier time than prior constructions. For instance, for polynomials over a $64$-bit field with $12$ variables, the Basefold prover is faster than both Brakedown and FRI-PCS ($2$ times faster than Brakedown and $3$ times faster than FRI-PCS), and its proof is $4$ times smaller than Brakedown's. On the other hand, for polynomials with $25$ variables, Basefold's prover is $6.5$ times faster than FRI-PCS, its proof is $2.5$ times smaller than Brakedown's and its verifier is $7.5$ times faster. Using Basefold to compile the Hyperplonk PIOP [CBBZ23] results in an extremely fast implementation of Hyperplonk, which in addition to having competitive performance on general circuits, is particularly fast for circuits with high-degree custom gates (e.g., signature verification and table lookups). Hyperplonk with Basefold is approximately equivalent in speed to Hyperplonk with Brakedown, but with a proof size that is more than $5$ times smaller. Finally, Basefold maintains performance across a wider variety of field choices than FRI, which requires FFT-friendly fields. Thus, Basefold can have an extremely fast prover compared to SNARKs from FRI for special applications. Benchmarking a circom ECDSA verification circuit with curve secp256k1, Hyperplonk with Basefold has a prover time that is more than $200\times$ faster than with FRI and its proof size is $5.8$ times smaller than Hyperplonk with Brakedown.

03 November 2023

Abu Dhabi, United Arab Emirates, 5 March - 8 March 2024
Event Calendar
Event date: 5 March to 8 March 2024
Submission deadline: 15 November 2023
Notification: 22 December 2023
Willemstad, Netherlands, 8 March 2024
Event Calendar
Event date: 8 March 2024
Submission deadline: 15 December 2023
Notification: 12 January 2024