International Association
for Cryptologic Research

ISML has conducted research in a range of areas including artificial intelligence, cyber security and cryptography. We are extending our areas to emerging areas such as quantum computing. Post-doctoral research fellows are welcome from computer science/engineering, electric/electronics, and mathematics/statistics. Applicants with good high-impact journal publication records are encouraged to send their CVs via to Professor Seong Oun Hwang (seongoun.hwang at gmail.com).

Closing date for applications:

Contact: Professor Seong Oun Hwang (seongoun.hwang at gmail.com)

More information: https://ai-security.github.io/index_e.htm

Meta is looking for several PhD interns with expertise in Cryptography, more specifically in

• Privacy-Enhancing Technologies Involving De-Identification, Anonymization, and Encryption
• Honest-Majority MPC and Non-Malleable Encryption

Basic coding skills are a requirement which will be assessed during the application process since the internships are categorized as a general software engineering internship (PhD) at Meta.
However, most important is the cryptographic expertise of the candidate.

Please use the provided link for applying for this position. The link also offers PoCs for questions about the application process.

Closing date for applications:

Contact: For other questions: Daniel Masny dmasny@meta.com

More information: https://www.metacareers.com/v2/jobs/2313453352176132/

Salary: 45,585 to 54,395 GBP

Closing Date: Sunday 07 January 2024

At the Computer Science Research Centre in the University of Surrey we are seeking to appoint a number of Lecturers in Computer Science to strengthen our research and ambitious strategic growth. These appointments are on a full-time and permanent basis.

We are particularly looking for applicants in one of the following areas:

• Software Security
• Natural Language Processing
• Human Factors/Usability
• The interface between Artificial Intelligence and Security

The post holders will be expected to contribute to undergraduate or MSc teaching on the Computer Science BSc and MSc programmes.

Our staff and students come from all over the world and we are proud of our friendly and inclusive culture. The University and the Department specifically are committed to building a culturally diverse organisation. Applications are strongly encouraged from female and minority candidates.

Closing date for applications:

Contact: Informal inquiries can be directed to the Director of the Computer Science Research Centre, Professor Steve Schneider at s.schneider@surrey.ac.uk.

More information: https://jobs.surrey.ac.uk/Vacancy.aspx?id=13713

Constant-time C software for various post-quantum KEMs has been submitted by the KEM design teams to the SUPERCOP testing framework. The ref/*.c and ref/*.h files together occupy, e.g., 848 lines for ntruhps4096821, 928 lines for ntruhrss701, 1316 lines for sntrup1277, and 2613 lines for kyber1024.

It is easy to see that these numbers overestimate the inherent complexity of software for these KEMs. It is more difficult to systematically measure this inherent complexity.

This paper takes these KEMs as case studies and applies consistent rules to streamline the ref software for the KEMs, while still passing SUPERCOP's tests and preserving the decomposition of specified KEM operations into functions. The resulting software occupies 381 lines for ntruhps4096821, 385 lines for ntruhrss701, 472 lines for kyber1024, and 478 lines for sntrup1277. This paper also identifies the external subroutines used in each case, identifies the extent to which code is shared across different parameter sets, quantifies various software complications specific to each KEM, and finds secret-dependent timings in kyber*/ref.

This work investigates the security of the Ascon authenticated encryption scheme in the context of fault attacks, with a specific focus on Differential Fault Analysis (DFA). Motivated by the growing significance of lightweight cryptographic solutions, particularly Ascon, we explore potential vulnerabilities in its design using DFA. By employing a novel approach that combines faulty forgery in the decryption query under two distinct fault models, leveraging bit-flip faults in the first phase and bit-set faults in the second, we successfully recover the complete Ascon key. This study sheds light on the impact of key whitening in the final permutation call and discusses potential threats when this safeguard is absent. Additionally, we consider the implications of injecting multiple bit-flip faults at the S-box input, suggesting alternative strategies for compromising the state space. Our findings contribute valuable insights into the gray-box security landscape of Ascon, emphasizing the need for robust defenses to ensure the integrity and resilience of lightweight cryptographic primitives against diverse fault attacks.

In recent years, deep learning-based side-channel analysis (DLSCA) has become an active research topic within the side-channel analysis community. The well-known challenge of hyperparameter tuning in DLSCA encouraged the community to use methods that reduce the effort required to identify an optimal model. One of the successful methods is ensemble learning. While ensemble methods have demonstrated their effectiveness in DLSCA, particularly with AES-based datasets, their efficacy in analyzing symmetric-key cryptographic primitives with different operational mechanics remains unexplored. Ascon was recently announced as the winner of the NIST lightweight cryptography competition. This will lead to broader use of Ascon and a crucial requirement for thorough side-channel analysis of its implementations. With these two considerations in view, we utilize an ensemble of deep neural networks to attack two implementations of Ascon. Using an ensemble of five multilayer perceptrons or convolutional neural networks, we could find the secret key for the Ascon-protected implementation with less than 3 000 traces. To the best of our knowledge, this is the best currently known result. We can also identify the correct key with less than 100 traces for the unprotected implementation of Ascon, which is on par with the state-of-the-art results.

The Automatic Certificate Management Environment protocol (ACME) has significantly contributed to the widespread use of digital certificates in safeguarding the authenticity and privacy of Internet data. These certificates are required for implementing the Transport Layer Security (TLS) protocol. However, it is well known that the cryptographic algorithms employed in these certificates will become insecure with the emergence of quantum computers. This study assesses the challenges in transitioning ACME to the post-quantum landscape using Post-Quantum Cryptography (PQC). To evaluate the cost of ACME's PQC migration, we create a simulation environment for issuing PQC-only and hybrid digital certificates. Our experiments reveal performance drawbacks associated with the switch to PQC or hybrid solutions. However, considering the high volume of certificates issued daily by organizations like Let's Encrypt, the performance of ACME is of utmost importance. To address this concern, we propose a novel challenge method for ACME. Compared to the widely used HTTP-01 method, our findings indicate an average PQC certificate issuance time that is 4.22 times faster, along with a potential reduction of up to 35% in communication size.

Instant Runoff Voting (IRV) is one example of ranked-choice voting. It provides many known benefits when used in elections, such as minimising vote splitting, ensuring few votes are wasted, and providing resistance to strategic voting. However, the voting and tallying procedures for IRV are much more complicated than those of plurality and are both error-prone and tedious. Many automated systems have been proposed to simplify these procedures in IRV. Some of these also employ cryptographic techniques to protect the secrecy of ballots and enable verification of the tally. Nearly all of these cryptographic systems require a set of trustworthy tallying authorities (TAs) to perform the decryption of votes and/or running of mix servers, which adds significant complexity to the implementation and election management. We address this issue by proposing Camel: an E2E verifiable solution for IRV that requires no TAs. Camel employs a novel representation and a universally verifiable shifting procedure for ballots that facilitate the elimination of candidates as required in an IRV election. We combine these with a homomorphic encryption scheme and zero-knowledge proofs to protect the secrecy of the ballots and enable any party to verify the well-formedness of the ballots and the correctness of the tally in an IRV election. We examine the security of Camel and prove it maintains ballot secrecy by limiting the learned information (namely the tally) against a set of colluding voters.

Aggregation of message authentication codes (MACs) is a proven and efficient method to preserve valuable bandwidth in resource-constrained environments: Instead of appending a long authentication tag to each message, the integrity protection of multiple messages is aggregated into a single tag. However, while such aggregation saves bandwidth, a single lost message typically means that authentication information for multiple messages cannot be verified anymore. With the significant increase of bandwidth-constrained lossy communication, as applications shift towards wireless channels, it thus becomes paramount to study the impact of packet loss on the diverse MAC aggregation schemes proposed over the past 15 years to assess when and how to aggregate message authentication. Therefore, we empirically study all relevant MAC aggregation schemes in the context of lossy channels, investigating achievable goodput improvements, the resulting verification delays, processing overhead, and resilience to denial-of-service attacks. Our analysis shows the importance of carefully choosing and configuring MAC aggregation, as selecting and correctly parameterizing the right scheme can, e.g., improve goodput by 39% to 444%, depending on the scenario. However, since no aggregation scheme performs best in all scenarios, we provide guidelines for network operators to select optimal schemes and parameterizations suiting specific network settings.

You can now submit your papers to the very first edition of the IACR Communications in Cryptology.

Submission deadline: Jan 8, 2024 at 11:59pm Anywhere on Earth (AoE).

The Lund Crypto and Security Group offers four new PhD positions, two in cryptography and two in computer security.

The research topics include side-channel attacks on symmetric and post-quantum cryptographic algorithms, the mathematical foundations of fully homomorphic encryption (FHE) and its safe implementation, and security for dynamic resource allocation in next-generation mobile networks. Senior researchers will be active in the projects and provide supervision.

The main duties of doctoral students are to devote themselves to their research studies, which includes participating in research projects and third cycle courses. The work duties will also include teaching and other departmental duties (no more than 20%).

Third-cycle studies at LTH consist of full-time studies for 4 years. A doctoral studentship is a fixed-term employment of a maximum of 5 years (including 20% departmental duties).

More information can be found in: https://lu.varbi.com/what:job/jobID:679799/

Closing date for applications:

Contact: Christian Gehrmann (christian.gehrmann@eit.lth.se); Thomas Johansson (thomas.johansson@eit.lth.se)

More information: https://lu.varbi.com/what:job/jobID:679799/

Do you live in the terminal? Do you like programming? Do you enjoy tinkering with rando embedded devices? Do you have a passion for security geared towards one or more of these topics?

• side-channel analysis
• applied cryptography
• software security
• hardware-assisted security

If so, this might be the right opportunity for you! To apply for this fully-funded position, please e-mail your motivation letter, CV, and transcript.

Closing date for applications:

Contact: Billy Brumley (bbbics at rit dot edu)

The Universitat Oberta de Catalunya (UOC) is a leading university of quality online education that is rooted in Barcelona and open to the world. It offers people lifelong learning to help them and society advance, while carrying out research into the knowledge society. It is the 2nd Spanish-speaking online educational institution in the world with more than 80.000 students in the academic year 2022/2023.

KISON is a research group focused on creating technologies for the protection of the security of networks, the information transmitted through them and the privacy of their users. The KISON group research lines focus on the compatibility of the security of decentralized networks (e.g. ad-hoc, IoT networks, 5G/6G) and the protection of information in the Internet (especially multimedia contents) with users' rights to privacy.

Applications are invited for a 3-year predoctoral grant in the Network and Information Technologies doctoral programme. Reserach lines are:

Cybersecurity in 5G/6G networks

Security in Cyber-physical Systems

User-centered privacy-enhancing technologies

Security and Privacy in the Internet of Things

Digital media security, privacy and forensics

Blockchain

Malware Detection Using Machine Learning Algorithms

Tampering detection in multimedia content

Digital Chain of Custody in computer forensics

More details on research lines:
https://www.uoc.edu/portal/en/escola-doctorat/linies-recerca/linies-nit/information-network/index.html

The candidate should have completed his/her master´s degree by July 2024 in computer science, telecommunications, or a related area.
The starting date will be Sept. 2024.

Full details:
https://www.uoc.edu/portal/en/escola-doctorat/beques/beques-uoc-escola-doctorat/index.html
Deadline: 12/02/2024

Closing date for applications:

Contact: Helena Rifà-Pous

More information: https://www.uoc.edu/en/studies/doctorates/doctorate-technologies-information-networks

We are looking for a Doctoral researcher in lattice-based cryptography located at the Aalto University Otaniemi campus.

Broadly, the PhD study may include the following depending on the skills and interests of the candidate: studying the hardness and relations of underlying mathematical problems, constructing and analysing lattice-based cryptographic schemes, proving theoretical impossibilities, implementing software libraries, performing concrete efficiency evaluation, etc.

We are looking for candidates who have recently completed, or will soon complete, a Master’s degree in cryptography, mathematics, computer science, or other relevant fields of studies. The success candidate will have strong background in mathematics and computer science, especially in areas relevant to the position. Good communication skills and fluent written and spoken English are required.

To apply, please visit:
https://aalto.wd3.myworkdayjobs.com/aalto/job/Otaniemi-Espoo-Finland/Doctoral-Researcher-in-Lattice-based-Cryptography_R38062

Closing date for applications:

Contact:
Russell Lai, e-mail "firstname.lastname@aalto.fi" (research related information)
Susanna Holma, e-mail "firstname.lastname@aalto.fi" (recruitment process)

More information: https://aalto.wd3.myworkdayjobs.com/aalto/job/Otaniemi-Espoo-Finland/Doctoral-Researcher-in-Lattice-based-Cryptography_R38062

In this work, we introduce FANNG-MPC, a versatile secure multi-party computation framework capable to offer active security for privacy preserving machine learning as a service (MLaaS). Derived from the now deprecated SCALE-MAMBA, FANNG is a data-oriented fork, featuring novel set of libraries and instructions for realizing private neural networks, effectively reviving the popular framework. To the best of our knowledge, FANNG is the first MPC framework to offer actively secure MLaaS in the dishonest majority setting, specifically two parties.

FANNG goes beyond SCALE-MAMBA by decoupling offline and online phases and materializing the dealer model in software, enabling a separate set of entities to produce offline material. The framework incorporates database support, a new instruction set for pre-processed material, including garbled circuits and convolutional and matrix multiplication triples. FANNG also implements novel private comparison protocols and an optimized library supporting Neural Network functionality. All our theoretical claims are substantiated by an extensive evaluation using an open-sourced implementation, including the private evaluation of popular neural networks like LeNet and VGG16.

Private computation of nonlinear functions, such as Rectified Linear Units (ReLUs) and max-pooling operations, in deep neural networks (DNNs) poses significant challenges in terms of storage, bandwidth, and time consumption. To address these challenges, there has been a growing interest in utilizing privacy-preserving techniques that leverage polynomial activation functions and kernelized convolutions as alternatives to traditional ReLUs. However, these alternative approaches often suffer from a trade-off between achieving faster private inference (PI) and sacrificing model accuracy. In particular, when applied to much deeper networks, these methods encounter training instabilities, leading to issues like exploding gradients (resulting in NaNs) or suboptimal approximations. In this study, we focus on PolyKervNets, a technique known for offering improved dynamic approximations in smaller networks but still facing instabilities in larger and more complex networks. Our primary objective is to empirically explore optimization-based training recipes to enhance the performance of PolyKervNets in larger networks. By doing so, we aim to potentially eliminate the need for traditional nonlinear activation functions, thereby advancing the state-of-the-art in privacy-preserving deep neural network architectures.

In this brief note, we flesh out some details of the recently proposed Simplex atomic broadcast protocol, and modify it so that leaders disperse blocks in a more communication efficient fashion, while maintaining the simplicity and excellent latency characteristics of the protocol.

Cryptocurrency networks crucially rely on digital signature schemes, which are used as an authentication mechanism for transactions. Unfortunately, most major cryptocurrencies today, including Bitcoin and Ethereum, employ signature schemes that are susceptible to quantum adversaries, i.e., an adversary with access to a quantum computer can forge signatures and thereby spend coins of honest users. In cryptocurrency networks, signature schemes are typically not executed in isolation, but within a so-called cryptographic wallet. In order to achieve security against quantum adversaries, the signature scheme and the cryptographic wallet must withstand quantum attacks.

In this work, we advance the study on post-quantum secure signature and wallet schemes. That is, we provide the first formal model for deterministic threshold wallets and we show a generic post-quantum secure construction from any post-quantum secure threshold signature scheme with rerandomizable keys. We then instantiate our construction from the isogeny-based signature scheme CSI-FiSh and we show that our instantiation significantly improves over prior work.

In this work, we present the first low-latency, second-order masked hardware implementation of Ascon that requires no fresh randomness using only $d+1$ shares. Our results significantly outperform any publicly known second-order masked implementations of AES and Ascon in terms of combined area, latency and randomness requirements. Ascon is a family of lightweight authenticated encryption and hashing schemes selected by NIST for standardization. Ascon is tailored for small form factors. It requires less power and energy while attaining the same or even better performance than current NIST standards. We achieve the reduction of latency by rearranging the linear layers of the Ascon permutation in a round-based implementation. We provide an improved technique to achieve implementations without the need for fresh randomness. It is based on the concept of changing of the guards extended to the second-order case. Together with the reduction of latency, we need to consider a large set of additional conditions which we propose to solve using a SAT solver. We have formally verified both, our first- and second-order implementations of Ascon using CocoAlma for the first two rounds. Additionally, we have performed a leakage assessment using t-tests on all 12 rounds of the initial permutation. Finally, we provide a comparison of our second-order masked Ascon implementation with other results.

In this report, we perform an in-depth analysis of the RSA authentication feature used in the secure boot procedure of Xilinx Zynq-7000 SoC device. The First Stage Boot Loader (FSBL) is a critical piece of software executed during secure boot, which utilizes the RSA authentication feature to validate all the hardware and software partitions to be mounted on the device. We analyzed the implementation of FSBL (provided by Xilinx) for the Zynq-7000 SoC and identified a critical security flaw, whose exploitation makes it possible to load an unauthenticated application onto the Zynq device, thereby bypassing RSA authentication. We also experimentally validated the presence of the vulnerability through a Proof of Concept (PoC) attack to successfully mount an unauthenticated software application on an RSA authenticated Zynq device. The identified flaw is only present in the FSBL software and thus can be easily fixed through appropriate modification of the FSBL software. Thus, the first contribution of our work is the identification of a critical security flaw in the FSBL software to bypass RSA authentication.

Upon bypassing RSA authentication, an attacker can mount any unauthenticated software application on the target device to mount a variety of attacks. Among the several possible attacks, we are interested to perform recovery of the encrypted bitstream in the target boot image of the Zynq-7000 device. To the best of our knowledge, there does not exist any prior work that has reported a practical bitstream recovery attack on the Zynq-7000 device. In the context of bitstream recovery, Ender et al. in 2020 proposed the Starbleed attack that is applicable to standalone Virtex-6 and 7-series Xilinx FPGAs. The design advisory provided by Xilinx as a response to the Starbleed attack claims that the Zynq-7000 SoC is resistant “due to the use of asymmetric and/or symmetric authentication in the boot/configuration process that ensures configuration is authenticated prior to use". Due to the security flaw found in the FSBL, we managed to identify a novel approach to mount the Starbleed attack on the Zynq-7000 device for full bitstream recovery. Thus, as a second contribution of our work, we present the first practical demonstration of the Starbleed attack on the Zynq-7000 SoC. We perform experimental validation of our proposed attacks on the PYNQ-Z1 platform based on the Zynq-7000 SoC.