International Association for Cryptologic Research

IACR News

06 December 2023

Suvadeep Hajra, Siddhartha Chowdhury, Debdeep Mukhopadhyay
ePrint Report
Deep Learning (DL) based Side-Channel Analysis (SCA) has been extremely popular recently. DL-based SCA can easily break implementations protected by masking countermeasures. DL-based SCA has also been highly successful against implementations protected by various trace desynchronization-based countermeasures like random delay, clock jitter, and shuffling. Over the years, many DL models have been explored to perform SCA. Recently, Transformer Network (TN) based model has also been introduced for SCA. Though the previously introduced TN-based model is successful against implementations jointly protected by masking and random delay countermeasures, it is not scalable to long traces (having a length greater than a few thousand) due to its quadratic time and memory complexity. This work proposes a novel shift-invariant TN-based model with linear time and memory complexity. The contributions of the work are two-fold. First, we introduce a novel TN-based model called EstraNet for SCA. EstraNet has linear time and memory complexity in trace length, significantly improving over the previously proposed TN-based model’s quadratic time and memory cost. EstraNet is also shift-invariant, making it highly effective against countermeasures like random delay and clock jitter. Secondly, we evaluated EstraNet on three SCA datasets of masked implementations with random delay and clock jitter effects. Our experimental results show that EstraNet significantly outperforms several benchmark models, demonstrating up to an order of magnitude reduction in the number of attack traces required to reach guessing entropy 1.
Dimitar Jetchev, Marius Vuille
ePrint Report
Explainable AI (XAI) refers to the development of AI systems and machine learning models in a way that humans can understand, interpret and trust the predictions, decisions and outputs of these models. A common approach to explainability is feature importance, that is, determining which input features of the model have the most significant impact on the model prediction. Two major techniques for computing feature importance are LIME (Local Interpretable Model-agnostic Explanations) and SHAP (SHapley Additive exPlanations). While very generic, these methods are computationally expensive even in plaintext. Applying them in the privacy-preserving setting when part or all of the input data is private is therefore a major computational challenge. In this paper, we present $\texttt{XorSHAP}$ - the first practical privacy-preserving algorithm for computing Shapley values for decision tree ensemble models in the semi-honest Secure Multiparty Computation (SMPC) setting with full threshold. Our algorithm has complexity $O(T \widetilde{M} D 2^D)$, where $T$ is the number of decision trees in the ensemble, $D$ is the depth of the decision trees and $\widetilde{M}$ is the maximum of the number of features $M$ and $2^D$ (the number of leaf nodes of a tree), and scales to real-world datasets. Our implementation is based on Inpher's $\texttt{Manticore}$ framework and simultaneously computes (in the SMPC setting) the Shapley values for 100 samples for an ensemble of $T = 60$ trees of depth $D = 4$ and $M = 100$ features in just 7.5 minutes, meaning that the Shapley values for a single prediction are computed in just 4.5 seconds for the same decision tree ensemble model. Additionally, it is parallelization-friendly, thus, enabling future work on massive hardware acceleration with GPUs.
Charanjit S Jutla, Eamonn W. Postlethwaite, Arnab Roy
ePrint Report
zkSNARK is a cryptographic primitive that allows a prover to prove to a resource-constrained verifier that it has indeed performed a specified non-deterministic computation correctly, while hiding private witnesses. In this work we focus on lattice-based zkSNARK, as this serves two important design goals. Firstly, we get post-quantum zkSNARK schemes with $O(\log (\mbox{Circuit size}))$ sized proofs (without random oracles) and secondly, the easy verifier circuit allows further bootstrapping by arbitrary (zk)SNARK schemes that offer additional or complementary properties. However, this goal comes with considerable challenges. The only known lattice-based bilinear maps are obtained using multi-linear maps of Garg, Gentry, and Halevi 2013 (GGH13), which have undergone considerable cryptanalytic attacks, in particular annihilation attacks.

In this work, we propose a (level-2) GGH13-encoding based zkSNARK which we show to be secure in the weak-multilinear map model of Miles-Sahai-Zhandry assuming a novel pseudo-random generator (PRG). We argue that the new PRG assumption is plausible based on the well-studied Newton's identity on power-sum polynomials, as well as an analysis of the hardness of computing Gröbner bases for these polynomials. The particular PRG is designed for efficient implementation of the zkSNARK.

Technically, we leverage the 2-linear instantiation of the GGH13 graded encoding scheme to provide us with an analogue of bilinear maps and adapt the Groth16 (Groth, Eurocrypt 2016) protocol, although with considerable technical advances in design and proof. The protocol is non-interactive in the CRS model.
Yuyu Wang, Chuanjie Su, Jiaxin Pan, Yu Chen
ePrint Report
In this work, we propose a simple framework of constructing efficient non-interactive zero-knowledge proof (NIZK) systems for all NP. Compared to the state-of-the-art construction by Groth, Ostrovsky, and Sahai (J. ACM, 2012), our resulting NIZK system reduces the proof size and proving and verification cost without any trade-off, i.e., neither increasing computation cost, CRS size nor resorting to stronger assumptions. Furthermore, we extend our framework to construct a batch argument (BARG) system for all NP. Our construction remarkably improves the efficiency of BARG by Waters and Wu (Crypto 2022) without any trade-off.

05 December 2023

AIT Austrian Institute of Technology; Vienna, Austria
Job Posting
AIT is Austria's largest research and technology organisation for applied research, located in Vienna.
The cryptography team is conducting research in the domain of public key cryptography, including secure communication, privacy-enhancing technologies, and long-term and post-quantum security. Our research covers the full spectrum from idea creation to the development of prototypes and demonstrators.

The team is seeking to grow, and is therefore offering a scientist position in cryptography.

Requirements:
  • PhD (or equivalent) in computer science or a related field, with a specialization on (public-key) cryptology
  • Profound knowledge and experience in (public key) cryptography, including, e.g.: federated computation, secure communication, long-term and post-quantum security, privacy-enhancing technologies, real world crypto, zero-knowledge proofs and zkSNARKs.
  • Strong track record with publications at competitive academic conferences or journals
  • Experience in the acquisition and execution of national and transnational research projects (e.g., Horizon 2020) is a plus
  • Good knowledge of a programming language (e.g., C/C++, Rust, Python, Java) and software development is a plus
  • Very good written and oral English skills; knowledge of German is not a requirement but willingness to learn German is expected
AIT values diversity and is committed to equality.

The minimum gross annual salary on a full-time basis (38,5 h / week) according to the collective agreement is EUR 61.614,--. The actual salary will be determined individually, based on your qualifications and experience. In addition, we offer company benefits, flexible working conditions, individual training and career opportunities.

All applications (including cover letter, full CV, at least 2 references) need to be submitted using the following link: https://jobs.ait.ac.at/Job/218885

Closing date for applications:

Contact: Stephan Krenn (stephan.krenn@ait.ac.at)

More information: https://jobs.ait.ac.at/Job/218885


04 December 2023

Rockville, USA, 23 July - 25 July 2024
Event Calendar
Event date: 23 July to 25 July 2024
Submission deadline: 27 May 2024
Notification: 10 June 2024
Duality Technologies, Hoboken, NJ
Job Posting

We are currently hiring a Scientist to join our Advanced Research and Cryptography team. In this role you will be an integral part of a team developing and implementing cryptographic protocols for encrypted computations. The Advanced Research and Cryptography team includes well-known researchers and is a major contributor to the OpenFHE software library.

The ideal candidate is expected to have a strong background in lattice-based cryptography and/or fully homomorphic encryption. Experience in secure multiparty computation and/or zero-knowledge proofs is nice to have. Software prototyping experience is important, and C++ prototyping skills are preferred.

This position offers flexibility, with the expectation of working in a hybrid mode (at our Hoboken, NJ office). Candidates can start working remotely. More information is available at https://dualitytech.com/careers/cryptography-scientist-2/.

Closing date for applications:

Contact: Yuriy Polyakov (ypolyakov@dualitytech.com)

More information: https://dualitytech.com/careers/cryptography-scientist-2/

University of Connecticut, School of Computing
Job Posting
Several fully-funded PhD student openings for Fall 2024 are available in cryptography, computer security, privacy, and blockchain-based systems at the University of Connecticut (UConn), School of Computing, led by Prof. Ghada Almashaqbeh.

The positions provide a great opportunity for students with an interest in interdisciplinary projects that combine knowledge from various fields towards the design of secure systems and protocols. We target real-world and timely problems and aim to develop secure and practical solutions backed by rigorous foundations and efficient implementations/thorough performance testing. We are also interested in theoretical projects that contribute to devising new models in Cryptography and Privacy.

For more information about our current and previous projects please check https://ghadaalmashaqbeh.github.io/research/. For interested students, please send your CV to ghada@uconn.edu and provide any relevant information about your research interests, and relevant skills and background.

Closing date for applications:

Contact: Ghada Almashaqbeh

More information: https://ghadaalmashaqbeh.github.io/research/

University College London, Information Security Research Group
Job Posting

The Department of Computer Science at University College London (UCL) invites applications for a faculty position in Information Security. We seek world-class talent; candidates must have an outstanding research track record. Appointments will be made at the rank of Lecturer (equivalent to Assistant Professor), Associate Professor or Professor, depending on experience.

We seek applicants with expertise and experience that complements or builds on our current strengths, including but not limited to, the areas of: human factors in security, systems and network security, machine learning and security, cybercrime, online safety, cryptography, embedded systems security, and software security.

Key dates

  • Information session: 12 December 2023, 2–3pm (UK time)
  • Closing date: 31 January 2024
  • Interviews: 26 February to 8 March 2024

Closing date for applications:

Contact: Steven Murdoch (s.murdoch AT ucl.ac.uk)

More information: https://sec.cs.ucl.ac.uk/hiring-2024/

Federal University of Minas Gerais, Department of Computer Science; Belo Horizonte, Brazil
Job Posting
We have three postdoctoral positions in Computer Science - Cybersecurity, starting from March 2024 in Brazil. Successful candidates will join us in the insightful and challenging research project “MENTORED: From Modeling to Experimentation - Predicting and Detecting DDoS and Zero-day attacks” from MCTIC/FAPESP. The team of the MENTORED project comprises researchers from different institutions in Brazil, having as Principal Investigator Prof. Michele Nogueira. Each successful candidate will receive a FAPESP postdoctoral fellowship, a monthly stipend of R$ 9.047,40, and research contingency funds (15% of the annual value of the fellowship per year). Further details on the FAPESP webpage: http://www.fapesp.br/en/5427.

Application deadline: until the position is filled.
Application e-mail: mentored.project@gmail.com
For questions: michele@dcc.ufmg.br
For further information about the positions, please see: https://mentored.dcc.ufmg.br/calls (postdoctoral open positions - EN)

About the project

The research project MCTI/FAPESP MENTORED (From Modeling to Experimentation: Predicting and Detecting DDoS and Zero-day attacks) in Cybersecurity has three (3) postdoctoral fellowship open positions in Brazil. Successful candidates must have completed his/her Ph.D. in Computer Science, Engineering, or equivalent less than seven years ago. The candidate must provide a history of relevant research in areas such as Computer Networks, Network Security, or the Internet of Things. For further information, please send a message to mentored.project@gmail.com.

Closing date for applications:

Contact: Michele Nogueira - mentored.project@gmail.com

More information: https://mentored.dcc.ufmg.br/calls

Nillion
Job Posting
Nillion is a Web3 infrastructure project based on a novel cryptographic innovation called NMC. This new technology enables decentralized data storage and computation.

As a Cryptography Researcher at Nillion, you will research, design, and define cryptographic protocols within the larger framework of distributed systems, formally proving their security. You will be responsible for conducting groundbreaking research that will lead to commercially viable and reliable products by analyzing, proposing, and validating cryptography solutions within a decentralized computing environment.

Requirements:

  • 5+ years of academic research experience in cryptography
  • Qualified to a PhD or Postdoc degree in cryptography
  • Several international scientific publications
  • Deep understanding of MPC
  • Excellent verbal and written communication skills in English
  • Extensive experience working with internal and external stakeholders
  • Have highly effective communication, interpersonal and critical thinking skills
  • Ability to understand, formally describe and prove mathematical concepts in writing
  • The ability to write formal security proofs in the UC framework
  • Publications in the domain of MPC, ZKP or FHE

Responsibilities:

  • Developing new protocols and their security proofs
  • Creating variants of existing protocols (synchronous/asynchronous, computational/ITS, passive/active, static/mobile adversaries, boolean/arithmetic, etc.)
  • Verifying existing Nillion protocols and their security proofs
  • Proof-reading existing written material (e.g. technical whitepaper)
  • Writing new security proofs for existing Nillion protocols
  • Optimizing existing protocols for performance
  • Giving internal presentations for educational purposes
  • Participating in brainstorming sessions for new ideas

Closing date for applications:

Contact: James Williams (James.Williams@Nillion.com)

Koç University
Job Posting
Koç University, College of Engineering seeks candidates to serve as part-time instructors to teach undergraduate-level Computer Engineering courses including Introduction to Programming with Python, Advanced Object-Oriented Programming with Java, Programming Language Concepts and Operating Systems. The candidate should have a graduate degree, PhD or MS, in an area related to computer science, data science, statistics, mathematics, or engineering with proficiency in Python, Java, or Systems Programming, a preferred teaching experience of 2+ years, and high motivation for teaching.

Koç University is a private, non-profit institution located on a state-of-the-art campus in Istanbul, Turkey. The University is supported by the Vehbi Koç Foundation and is committed to the pursuit of excellence in both teaching and research. The medium of instruction is English.

Applicants should send a cover letter, a current CV, and a statement of teaching interests to comp-instructor23-group@ku.edu.tr. Please include the names and email addresses of at least three references in your application. All applications completed by December 15, 2023, will receive full consideration, but candidates are urged to submit all required materials as soon as possible. Applications will be reviewed until the positions are filled.

Closing date for applications:

Contact: comp-instructor23-group@ku.edu.tr

More information: https://cs.ku.edu.tr/open-positions/faculty-positions/

Koç University
Job Posting
Koç University College of Engineering invites applications for Full-time Faculty positions in Computer Science and Engineering starting in Fall 2024. Outstanding applicants with strong theoretical research contributions in all areas of computer science and engineering are invited to apply for the position. The ideal candidates are expected to have a visionary research agenda with an exceptional track record in research and publication, demonstrating a deep commitment to academic excellence and innovation; together with a keen commitment to teaching and learning.

Faculty members are expected to teach undergraduate and graduate courses in addition to maintaining a vigorous research program, collaborating across multiple disciplines, and leveraging the research infrastructure of Koç University such as Koç University Is Bank Artificial Intelligence Research Center (KUIS AI) and Koç University Translational Medicine Research Center (KUTTAM).

Koç University is a private, nonprofit institution located on a state-of-the-art campus in Istanbul, Turkey. The medium of instruction is English. Koç University hosts the highest number of European Research Council (ERC) Grant recipients and continues to receive the largest total amount of research funding from Horizon 2020 in the nation.

We are looking for outstanding individuals who are able to build strong research and teaching programs and who can develop into intellectual leaders. It is also important that the candidates interact closely with colleagues across different disciplines and contribute positively to the successful advancement of the College. We offer a competitive salary and benefit package (e.g., housing support, private insurance, K12 package, research startup support).

Applicants should submit their application online at Academic Jobs Online: CV, a statement of teaching interests, a description of the proposed research program, and the names and addresses of at least three references. The evaluation of applications will commence in mid-January and will continue until the positions are filled. All applications will be considered and treated confidentially.

Closing date for applications:

Contact: Questions regarding the position can be directed to Asst. Prof. Gözde Gül Şahin (gosahin{at}ku.edu.tr) and Assoc. Prof. Aykut Erdem (aerdem{at}ku.edu.tr) chair of this faculty search committee.

More information: https://academicjobsonline.org/ajo/jobs/26651

Fu Yao, Hua Chen, Yongzhuang Wei, Enes Pasalic, Feng Zhou, Limin Fan
ePrint Report
Threshold Implementation (TI) is a well-known Boolean masking technique that provides provable security against side-channel attacks. In the presence of glitches, the probing model was replaced by the so-called glitch-extended probing model which specifies a broader security framework. In CHES 2021, Shahmirzadi et al. introduced a general search method for finding first-order 2-share TI schemes without fresh randomness (under the presence of glitches) for a given encryption algorithm. Although it handles well single-output Boolean functions, this method has to store output shares in registers when extended to vector Boolean functions, which results in more chip area and increased latency. Therefore, the design of TI schemes that have low implementation cost under the glitch-extended probing model appears to be an important research challenge. In this paper, we propose an approach to design the first-order glitch-extended probing secure TI schemes when quadratic functions are employed in the substitution layer. This method only requires a small amount of fresh random bits and a single clock cycle for its implementation. In particular, the random bits in our approach are reusable and compatible with the changing of the guards technique. Our dedicated TI scheme for the AES cipher gives 20.23% smaller implementation area and 4.2% faster encryption compared to the TI scheme of AES (without using fresh randomness) proposed in CHES 2021. Additionally, we propose a parallel implementation of two S-boxes that further reduces latency (about 39.83%) at the expense of increasing the chip area by 9%. We have positively confirmed the security of AES under the glitch-extended probing model using the verification tool - SILVER and the side-channel leakage assessment method - TVLA.
Zihao Li, Jianfeng Li, Zheyuan He, Xiapu Luo, Ting Wang, Xiaoze Ni, Wenwu Yang, Xi Chen, Ting Chen
ePrint Report
Decentralized Finance, mushrooming in permissionless blockchains, has attracted a recent surge in popularity. Due to the transparency of permissionless blockchains, opportunistic traders can compete to earn revenue by extracting Miner Extractable Value (MEV), which undermines both the consensus security and efficiency of blockchain systems. The Flashbots bundle mechanism further aggravates the MEV competition because it empowers opportunistic traders with the capability of designing more sophisticated MEV extraction. In this paper, we conduct the first systematic study on DeFi MEV activities in Flashbots bundle by developing ActLifter, a novel automated tool for accurately identifying DeFi actions in transactions of each bundle, and ActCluster, a new approach that leverages iterative clustering to facilitate us to discover known/unknown DeFi MEV activities. Extensive experimental results show that ActLifter can achieve nearly 100% precision and recall in DeFi action identification, significantly outperforming state-of-the-art techniques. Moreover, with the help of ActCluster, we obtain many new observations and discover 17 new kinds of DeFi MEV activities, which occur in 53.12% of bundles but have not been reported in existing studies.
Zhengjun Cao
ePrint Report
The general quantum approximate optimization algorithm (QAOA) produces approximate solutions for combinatorial optimization problems. The algorithm depends on a positive integer $p$, and the quality of approximation improves as $p$ is increased. In this note, we raise some questions about the general QAOA. We also find that the recursive QAOA for the MaxCut problem is flawed because all quantum gates involved in the algorithm are single-qubit gates. No entangling gate is used, which means that quantum computing power cannot be certified for the problem.
Jolijn Cottaar, Kathrin Hövelmanns, Andreas Hülsing, Tanja Lange, Mohammad Mahzoun, Alex Pellegrini, Alberto Ravagnani, Sven Schäge, Monika Trimoska, Benne de Weger
ePrint Report
This report analyzes the 16 submissions to the Korean post-quantum cryptography (KpqC) competition.
Kévin Carrier, Thomas Debris-Alazard, Charles Meyer-Hilfiger, Jean-Pierre Tillich
ePrint Report
The security of code-based cryptography relies primarily on the hardness of decoding generic linear codes. Until very recently, all the best algorithms for solving the decoding problem were information set decoders ($\mathsf{ISD}$). However, recently a new algorithm called RLPN-decoding, which relies on a completely different approach, was introduced, and it has been shown that RLPN significantly outperforms $\mathsf{ISD}$ decoders for a rather large range of rates. This RLPN decoder relies on two ingredients: first reducing decoding to some underlying LPN problem, and then computing efficiently many parity-checks of small weight when restricted to some positions. We revisit RLPN-decoding by noticing that, in this algorithm, decoding is in fact reduced to a sparse-LPN problem, namely with a secret whose Hamming weight is small. Our new approach consists this time in making an additional reduction from sparse-LPN to plain-LPN with a coding approach inspired by $\mathsf{coded}$-$\mathsf{BKW}$. It significantly outperforms the $\mathsf{ISD}$'s and RLPN for code rates smaller than $0.42$. This algorithm can be viewed as the code-based cryptography cousin of recent dual attacks in lattice-based cryptography. We depart completely from the traditional analysis of this kind of algorithm, which uses a certain number of independence assumptions that have been strongly questioned recently in the latter domain. We give instead a formula for the LPN noise relying on duality, which allows one to analyze the behavior of the algorithm by relying only on the analysis of a certain weight distribution. By using only a minimal assumption whose validity has been verified experimentally, we are able to justify the correctness of our algorithm. This key tool, namely the duality formula, can be readily adapted to the lattice setting and is shown to give a simple explanation for some phenomena observed on dual attacks in lattices in [DP23].
Paul Frixons, Sébastien Canard, Loïc Ferreira
ePrint Report
The existence of a quantum computer is one of the most significant threats cryptography has ever faced. However, it seems that real-world protocols have received little attention so far with respect to their future security. Indeed, merely relying upon post-quantum primitives may not suffice in order for a security protocol to be resistant in a full quantum world. In this paper, we consider the fundamental UMTS key agreement used in 3G but also in 4G (LTE), and in the (recently deployed) 5G technology. We analyze the protocol in a quantum setting, with quantum communications (allowing superposition queries by the involved parties), and where quantum computation is granted to the adversary. We prove that, assuming the underlying symmetric-key primitive is quantum-secure, the UMTS key agreement is also quantum-secure. We also give a quantum security analysis of the underlying primitives, namely Milenage and TUAK. To the best of our knowledge, this paper provides the first rigorous proof of the UMTS key agreement in a strong quantum setting. Our result shows that in the quantum world to come, the UMTS technology remains a valid scheme in order to secure the communications of billions of users.
Léo Ducas, Ludo N. Pulles
ePrint Report
The Dual-Sieve Attack on Learning with Errors (LWE), or more generally Bounded Distance Decoding (BDD), has seen many improvements in recent years, and ultimately led to claims that it outperforms the primal attack against certain lattice-based schemes in the PQC standardization process organised by NIST. However, the work of Ducas--Pulles (Crypto '23) revealed that the so-called "Independence Heuristic", which all recent dual attacks used, leads to wrong predictions in a contradictory regime, which is relevant for the security of cryptoschemes. More specifically, the stated distributions of scores for the actual solution and for incorrect candidates were both incorrect.

In this work, we propose to use the weaker heuristic that the output vectors of a lattice sieve are uniformly distributed in a ball. Under this heuristic, we give an analysis of the score distribution in the case of an error of fixed length. Integrating over this length, we extend this analysis to any radially distributed error, in particular the Gaussian, as a fix for the score distribution of the actual solution. This approach also provides a prediction for the score of incorrect candidates, using a ball as an approximation of the Voronoi cell of a lattice.

We compare the predicted score distributions to extensive experiments, and observe them to be qualitatively and quantitatively quite accurate. This constitutes a first step towards fixing the analysis of the dual-sieve attack: we can now accurately estimate false-positives and false-negatives. Now that the analysis is fixed, one may consider how to fix the attack itself, namely exploring the opportunities to mitigate a large number of false-positives.