International Association
for Cryptologic Research

A file system provides secure deletion if, after a file is deleted, an attacker with physical possession of the storage device cannot recover any data from the deleted file. Unfortunately, secure deletion is not provided by commodity file systems. Even file systems which explicitly desire to provide secure deletion are challenged by the subtleties of hardware controllers on modern storage devices; those controllers obscure the mappings between logical blocks and physical blocks, silently duplicate physical blocks, and generally make it hard for host-level software to make reliable assumptions about how file data is kept on the device. State-of-the-art frameworks for secure deletion also have no crash consistency, meaning that an ill-timed power outage or software fault will desynchonize keys and the associated encrypted file data, corrupting the file system.

In this paper, we present Holepunch, a new software-level approach for implementing secure deletion. Holepunch treats the storage device as a black box, providing secure deletion via cryptographic erasure. Holepunch uses per-file keys to transparently encrypt outgoing file writes and decrypt incoming file reads, ensuring that all physical data in the storage device is always encrypted. Holepunch uses puncturable pseudorandom functions (PPRFs) to quickly access file keys; upon the deletion of file $f$, Holepunch updates the PPRF so that, even if the PPRF is recovered, the PPRF cannot be used to generate $f$'s key. By using PPRFs instead of the key trees leveraged by prior work, Holepunch reduces both the memory pressure caused by key management and the number of disk IOs needed to access files. Holepunch stores its master key in secure TPM storage, and uses a novel journaling scheme to provide crash consistency between TPM state and on-disk state.

Modern secure messaging protocols typically aim to provide deniability. Achieving this requires that convincing cryptographic transcripts can be forged without the involvement of genuine users. In this work, we observe that parties may wish to revoke deniability and avow a conversation after it has taken place. We propose a new protocol called Not-on-the-Record-Yet (NOTRY) which enables users to prove a prior conversation transcript is genuine. As a key building block we propose avowable designated verifier proofs which may be of independent interest. Our implementation incurs roughly 8× communication and computation overhead over the standard Signal protocol during regular operation. We find it is nonetheless deployable in a realistic setting as key exchanges (the source of the overhead) still complete in just over 1ms on a modern computer. The avowal protocol induces only constant computation and communication performance for the communicating parties and scales linearly in the number of messages avowed for the verifier—in the tens of milliseconds per avowal.

Hard lattice problems are predominant in constructing post-quantum cryptosystems. However, we need to continue developing post-quantum cryptosystems based on other quantum hard problems to prevent a complete collapse of post-quantum cryptography due to a sudden breakthrough in solving hard lattice problems. Solving large multivariate quadratic systems is one such quantum hard problem.

Unbalanced Oil-Vinegar is a signature scheme based on the hardness of solving multivariate equations. In this work, we present a post-quantum digital signature algorithm VDOO (Vinegar-Diagonal-Oil-Oil) based on solving multivariate equations. We introduce a new layer called the diagonal layer over the oil-vinegar-based signature scheme Rainbow. This layer helps to improve the security of our scheme without increasing the parameters considerably. Due to this modification, the complexity of the main computational bottleneck of multivariate quadratic systems i.e. the Gaussian elimination reduces significantly. Thus making our scheme one of the fastest multivariate quadratic signature schemes. Further, we show that our carefully chosen parameters can resist all existing state-of-the-art attacks. The signature sizes of our scheme for the National Institute of Standards and Technology's security level of I, III, and V are 96, 226, and 316 bytes, respectively. This is the smallest signature size among all known post-quantum signature schemes of similar security.

Event date: 10 April to 12 April 2024
Submission deadline: 26 January 2024

Event date: 11 March to 15 March 2024

The Opportunity: The successful candidate will contribute to the formal security specification and design of cryptographic protocols in the Open Finance area. In Open Finance we envision multiple entities, each holding private data, that want to perform joint computation over this data to offer to customers the best possible financial products. The main goal of the project is to investigate what are the security requirements for Open Finance, and then provide a formal security specification (e.g., in the Universal Composable framework) of such a system. The successful candidate will then work on designing a protocol that matches this security definition, and in the final stage of the project, will implement part of the system, focusing on a specific use case. The candidate will be supported by members of the Business School to successfully complete the first phase of the project related to understanding the basic security requirements of an Open Finance system. The majority of the project will be related to the formal design of the system that will be supported by members of the School of Informatics. The project is funded by Input-Output Global. Candidates must have a Ph.D. (or nearing completion) in cryptography or related fields. Evidence of strong research experience as demonstrated through publications at top-tier conferences or high-impact journals is essential. We are looking for a highly motivated candidate with strong initiative and commitment to excellence, and an ability to conduct world-class research. For more info, we refer to the application page.

Application deadline 16/01/2024 23:59 GMT

Closing date for applications:

Contact: Michele Ciampi michele.ciampi@ed.ac.uk

More information: https://elxw.fa.em3.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX_1001/job/9280

We are looking for a highly motivated post-doctoral researcher in post-quantum cryptography with particular emphasis on multivariate-based cryptography.
As a recent response to the recent NIST call for new post-quantum secure signature schemes, 11 multivariate-based signature schemes were submitted. The goal of the post-doc is to focus on cryptanalysis of these submissions and more specifically on methods from algebraic geometry that can aid in breaking said systems.
Specific Skills Required: The candidate should hold a PhD degree in mathematics and/or computer science, preferably with experience in algebraic geometry and with multivariate cryptography in particular.
The position is for 1 year (with a possible extension of an extra year depending on performance) and can start on any date after 01/01/2024. You can apply for this job until 31/01/2024.

Closing date for applications:

Contact: frederik.vercauteren[at]esat.kuleuven.be

More information: https://www.esat.kuleuven.be/cosic/vacancies/

Indiana University Bloomington (IUB) invites applications for multiple, open rank tenured/tenure-track faculty positions in the field of cybersecurity in the Luddy School of Informatics, Computing, and Engineering; the Kelley School of Business; and the O’Neill School of Public and Environmental Affairs These 10‐month appointments would ideally start August 1, 2024, although the start date is negotiable. These positions are located on the campus of Indiana University, Bloomington. This is an opportunity for a leader interested in shaping the future of cybersecurity in key areas of strength at Indiana University. Of course junior faculty applicants are not expected to be PIs but to have a research agenda with clear potential and plans to pursue external funding.

Closing date for applications:

Contact: faculty1@indiana.edu

More information: https://indiana.peopleadmin.com/postings/21666

We are looking for two bright and motivated PhD students for two 3-year fully funded PhD positions starting 1 June 2024 (negotiable). The project is financed by the Independent Research Fund Denmark, and it is a collaboration between DTU, the University of Cambridge (UK), the Royal Holloway University of London (UK), and Stony Brook University (USA). It is an excellent opportunity to be involved in advanced research on cyber-security and cyber-deception, with important practical applications.

The two positions are part of the project Loki: Situational aware collaborative bio-inspired cyber-deception. This project, inspired by Norse mythology, with Loki being a shape-shifter god and a master of trickery, aims at redefining and evolving the emerging field of cyber-deception. Here, we attempt to deceive attackers by creating fake vulnerable systems that are aware of their surroundings and are constantly shifting. The project takes inspiration from nature (e.g., from the mimicry phenomenon) to synthesize sophisticated deception.

Closing date for applications:

Contact: Emmanouil Vasilomanolakis

More information: https://efzu.fa.em2.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX_1/job/2909/?utm_medium=jobshare

We are looking for motivated, bright, and hard-working students who wish to pursue a PhD in Cryptography. The main areas of focus are zero-knowledge proofs, oblivious primitives on Trusted Execution Environments (Intel SGX, ARM TrustZone, etc.), and encrypted database query evaluation; other areas of cryptography are also possible. Ideal candidates have prior knowledge of implementing cryptographic primitives and a solid background in theoretical computer science (complexity analysis, reduction proofs, etc.). Experience in programming for TEEs is also a big plus. Interested candidates send an e-mail with your latest CV and a short paragraph on your topics of interest.

Closing date for applications:

Contact: Prof. Dimitrios Papadopoulos (dipapado at cse.ust.hk)

We are looking for a Postdoctoral Researcher who wants to join the cryptography group in the CSE Section at DTU. The successful candidate will work on the QUID-PRO project in the field of Threshold Post-Quantum Cryptography. The position will start on May 1st 2024 or later and be for two years. The candidate should hold a PhD degree in Computer Science or a related field and have a strong record related to any of the following research topics: threshold cryptography, cryptographic protocols, post-quantum cryptography.

Responsibilities and qualifications

The successful candidate will work alongside the 4 permanent researchers and currently 6 PhD students in the Cryptography Group at DTU. The main task is to explore novel efficient threshold protocols which potentially remain secure against quantum attackers or other long-term attacks. Student (bachelor/master) or PhD co-supervision can be done if desired by the candidate but is not mandatory. There is no teaching requirement, although the candidate may conduct individual lectures if desired.
The ideal candidate has:

• PhD (or equivalent) in computer science or a related field, with a specialization on cryptographic protocols, threshold cryptography or post-quantum cryptography.
• Profound knowledge and experience in either cryptographic protocols such as multiparty computation and threshold protocols, or post-quantum cryptography such as lattice-based cryptography, isogeny-based cryptography or other post-quantum techniques.
• Strong track record with publications at competitive academic conferences or journals
• Very good written and oral English skills
• Software engineering experience is not necessary, but a plus.

Salary and terms of employment

The appointment will be based on the collective agreement with the Danish Confederation of Professional Associations. The allowance will be agreed upon with the relevant union. The position will start on 1 May 2024 or later and be for two years.

Closing date for applications:

Contact: Carsten Baum

More information: https://efzu.fa.em2.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX_1/job/2888/?utm_medium=jobshare

We are looking for a bright, ambitious, and motivated PhD student to join the cryptography group in the Cybersecurity Engineering Section at DTU Compute in the Copenhagen region of Denmark. The 3-year PhD position will preferably start on June 1st 2024 or thereafter. The goal of the PhD project is to improve the state of threshold post-quantum cryptography. You will join the growing cryptography team at DTU and be able to work with researchers in- and outside of the Copenhagen region and Denmark.

Responsibilities and qualifications

Your main task will be to design new threshold cryptographic algorithms with post-quantum security.
You will investigate distributed alternatives to existing post-quantum algorithms such as Dilithium, Falcon and Picnic, and the long-term security of threshold cryptography, in particular with respect to proactive and post-quantum security. To succeed in this research effort, you will gain familiarity with:

• post-quantum cryptographic primitives such as signatures or OPRFs
• threshold cryptographic techniques such as secret sharing and multiparty computation
• cryptographic foundations of post-quantum cryptography such as lattices, MPC-in-the-head, FHE and similar tools

In addition to the research project, you will conduct a limited amount of small-class teaching during your PhD period.
As formal qualification, you must have a two-year master's degree (120 ECTS points) or a similar degree with an academic level equivalent to a two-year master's degree.
Furthermore, to ensure a smooth start into the project, it is preferable that you have previous experience with either threshold or post-quantum cryptography.

Salary and appointment terms

The appointment will be based on the collective agreement with the Danish Confederation of Professional Associations. The allowance will be agreed upon with the relevant union. The period of employment is 3 years.
The position is a full-time position and the starting date is 1 June 2024 or according to mutual agreement.

Closing date for applications:

Contact: Carsten Baum

More information: https://efzu.fa.em2.oraclecloud.com/hcmUI/CandidateExperience/da/sites/CX_1/job/2872/

ISML has conducted research in a range of areas including artificial intelligence, cyber security and cryptography. We are extending our areas to emerging areas such as quantum computing. Post-doctoral research fellows are welcome from computer science/engineering, electric/electronics, and mathematics/statistics. Applicants with good high-impact journal publication records are encouraged to send their CVs via to Professor Seong Oun Hwang (seongoun.hwang at gmail.com).

Closing date for applications:

Contact: Professor Seong Oun Hwang (seongoun.hwang at gmail.com)

More information: https://ai-security.github.io/index_e.htm

Meta is looking for several PhD interns with expertise in Cryptography, more specifically in

• Privacy-Enhancing Technologies Involving De-Identification, Anonymization, and Encryption
• Honest-Majority MPC and Non-Malleable Encryption

Basic coding skills are a requirement which will be assessed during the application process since the internships are categorized as a general software engineering internship (PhD) at Meta.
However, most important is the cryptographic expertise of the candidate.

Please use the provided link for applying for this position. The link also offers PoCs for questions about the application process.

Closing date for applications:

Contact: For other questions: Daniel Masny dmasny@meta.com

More information: https://www.metacareers.com/v2/jobs/2313453352176132/

Salary: 45,585 to 54,395 GBP

Closing Date: Sunday 07 January 2024

At the Computer Science Research Centre in the University of Surrey we are seeking to appoint a number of Lecturers in Computer Science to strengthen our research and ambitious strategic growth. These appointments are on a full-time and permanent basis.

We are particularly looking for applicants in one of the following areas:

• Software Security
• Natural Language Processing
• Human Factors/Usability
• The interface between Artificial Intelligence and Security

The post holders will be expected to contribute to undergraduate or MSc teaching on the Computer Science BSc and MSc programmes.

Our staff and students come from all over the world and we are proud of our friendly and inclusive culture. The University and the Department specifically are committed to building a culturally diverse organisation. Applications are strongly encouraged from female and minority candidates.

Closing date for applications:

Contact: Informal inquiries can be directed to the Director of the Computer Science Research Centre, Professor Steve Schneider at s.schneider@surrey.ac.uk.

More information: https://jobs.surrey.ac.uk/Vacancy.aspx?id=13713

Constant-time C software for various post-quantum KEMs has been submitted by the KEM design teams to the SUPERCOP testing framework. The ref/*.c and ref/*.h files together occupy, e.g., 848 lines for ntruhps4096821, 928 lines for ntruhrss701, 1316 lines for sntrup1277, and 2613 lines for kyber1024.

It is easy to see that these numbers overestimate the inherent complexity of software for these KEMs. It is more difficult to systematically measure this inherent complexity.

This paper takes these KEMs as case studies and applies consistent rules to streamline the ref software for the KEMs, while still passing SUPERCOP's tests and preserving the decomposition of specified KEM operations into functions. The resulting software occupies 381 lines for ntruhps4096821, 385 lines for ntruhrss701, 472 lines for kyber1024, and 478 lines for sntrup1277. This paper also identifies the external subroutines used in each case, identifies the extent to which code is shared across different parameter sets, quantifies various software complications specific to each KEM, and finds secret-dependent timings in kyber*/ref.

This work investigates the security of the Ascon authenticated encryption scheme in the context of fault attacks, with a specific focus on Differential Fault Analysis (DFA). Motivated by the growing significance of lightweight cryptographic solutions, particularly Ascon, we explore potential vulnerabilities in its design using DFA. By employing a novel approach that combines faulty forgery in the decryption query under two distinct fault models, leveraging bit-flip faults in the first phase and bit-set faults in the second, we successfully recover the complete Ascon key. This study sheds light on the impact of key whitening in the final permutation call and discusses potential threats when this safeguard is absent. Additionally, we consider the implications of injecting multiple bit-flip faults at the S-box input, suggesting alternative strategies for compromising the state space. Our findings contribute valuable insights into the gray-box security landscape of Ascon, emphasizing the need for robust defenses to ensure the integrity and resilience of lightweight cryptographic primitives against diverse fault attacks.

In recent years, deep learning-based side-channel analysis (DLSCA) has become an active research topic within the side-channel analysis community. The well-known challenge of hyperparameter tuning in DLSCA encouraged the community to use methods that reduce the effort required to identify an optimal model. One of the successful methods is ensemble learning. While ensemble methods have demonstrated their effectiveness in DLSCA, particularly with AES-based datasets, their efficacy in analyzing symmetric-key cryptographic primitives with different operational mechanics remains unexplored. Ascon was recently announced as the winner of the NIST lightweight cryptography competition. This will lead to broader use of Ascon and a crucial requirement for thorough side-channel analysis of its implementations. With these two considerations in view, we utilize an ensemble of deep neural networks to attack two implementations of Ascon. Using an ensemble of five multilayer perceptrons or convolutional neural networks, we could find the secret key for the Ascon-protected implementation with less than 3 000 traces. To the best of our knowledge, this is the best currently known result. We can also identify the correct key with less than 100 traces for the unprotected implementation of Ascon, which is on par with the state-of-the-art results.

The Automatic Certificate Management Environment protocol (ACME) has significantly contributed to the widespread use of digital certificates in safeguarding the authenticity and privacy of Internet data. These certificates are required for implementing the Transport Layer Security (TLS) protocol. However, it is well known that the cryptographic algorithms employed in these certificates will become insecure with the emergence of quantum computers. This study assesses the challenges in transitioning ACME to the post-quantum landscape using Post-Quantum Cryptography (PQC). To evaluate the cost of ACME's PQC migration, we create a simulation environment for issuing PQC-only and hybrid digital certificates. Our experiments reveal performance drawbacks associated with the switch to PQC or hybrid solutions. However, considering the high volume of certificates issued daily by organizations like Let's Encrypt, the performance of ACME is of utmost importance. To address this concern, we propose a novel challenge method for ACME. Compared to the widely used HTTP-01 method, our findings indicate an average PQC certificate issuance time that is 4.22 times faster, along with a potential reduction of up to 35% in communication size.

Instant Runoff Voting (IRV) is one example of ranked-choice voting. It provides many known benefits when used in elections, such as minimising vote splitting, ensuring few votes are wasted, and providing resistance to strategic voting. However, the voting and tallying procedures for IRV are much more complicated than those of plurality and are both error-prone and tedious. Many automated systems have been proposed to simplify these procedures in IRV. Some of these also employ cryptographic techniques to protect the secrecy of ballots and enable verification of the tally. Nearly all of these cryptographic systems require a set of trustworthy tallying authorities (TAs) to perform the decryption of votes and/or running of mix servers, which adds significant complexity to the implementation and election management. We address this issue by proposing Camel: an E2E verifiable solution for IRV that requires no TAs. Camel employs a novel representation and a universally verifiable shifting procedure for ballots that facilitate the elimination of candidates as required in an IRV election. We combine these with a homomorphic encryption scheme and zero-knowledge proofs to protect the secrecy of the ballots and enable any party to verify the well-formedness of the ballots and the correctness of the tally in an IRV election. We examine the security of Camel and prove it maintains ballot secrecy by limiting the learned information (namely the tally) against a set of colluding voters.