International Association
for Cryptologic Research

This paper conducts a comprehensive benchmarking analysis of the performance of two innovative cryptographic schemes: Homomorphic Polynomial Public Key (HPPK)-Key Encapsulation Mechanism (KEM) and Digital Signature (DS), recently proposed by Kuang et al. These schemes represent a departure from traditional cryptographic paradigms, with HPPK leveraging the security of homomorphic symmetric encryption across two hidden rings without reliance on NP-hard problems. HPPK can be viewed as a specialized variant of Multivariate Public Key Cryptography (MPKC), intricately associated with two vector spaces: the polynomial vector space for the secret exchange and the multivariate vector space for randomized encapsulation.

The unique integration of asymmetric, symmetric, and homomorphic cryptography within HPPK necessitates a careful examination of its performance metrics. This study focuses on the thorough benchmarking of HPPK KEM and DS across key cryptographic operations, encompassing key generation, encapsulation, decapsulation, signing, and verification. The results highlight the exceptional efficiency of HPPK, characterized by compact key sizes, cipher sizes, and signature sizes. The use of symmetric encryption in HPPK enhances its overall performance. Key findings underscore the outstanding performance of HPPK KEM and DS across various security levels, emphasizing their superiority in crucial cryptographic operations. This research positions HPPK as a promising and competitive solution for post-quantum cryptographic applications in a wide range of applications, including blockchain, digital currency, and Internet of Things (IoT) devices.

NIST has released the draft specification of SLH-DSA (also known as Sphincs+). When NIST released its original call for proposals for the Postquantum Process, they specified that signature systems would need to be usable at full security for $2^{64}$ signatures per private key. Hence, the parameter sets specified in SLH-DSA is tuned to have full security after that many signatures. However, it has been noted that in many cases, we don't have need for that many signatures, and that parameter sets tuned for fewer signatures would be shorter and more efficient to process. This paper examines such possible alternative parameter sets.

The Department of Mathematics at Virginia Tech invites applications for several Postdoctoral Associate positions. These are two-year appointments to begin August 10, 2024. An online application is required. To apply, please visit www.jobs.vt.edu, select "Apply Now" and search by posting number 528127. For full consideration submit a cover letter, a CV, a research statement, and a teaching statement as part of the online application.

Closing date for applications:

Contact: Sarah McDearis, sworl9@vt.edu

More information: https://jobs.vt.edu

The Post-Quantum Cryptography group is looking for a motivated PhD candidate on the topic of lattice-based cryptography. In particular, the candidate will work with dr. Cecilia Boschini and prof. Dennis Hofheinz on lattice-based distributed authentication (threshold and multi- signatures), from constructing and analyzing protocols to more foundational work in lattice theory. Besides research, the candidate is expected to do a small amount of teaching each semester, in accordance with ETH regulations.

The position is fully funded for 4 years with a competitive salary (rate 5 according to ETH rules), and available already from Spring 2024; the exact starting date is negotiable. To be eligible, the candidate should have a master's (or equivalent) degree in Computer Science or Mathematics (or other relevant field), and already have some basic knowledge of cryptography and/or lattices.

ETH has a large and diverse community of cryptographers, with strong researchers in both theoretical and applied areas, and ties to the many other cryptography groups present in Switzerland. As a nice bonus, the department of Computer Science is located in the center of Zurich, a dynamic and international city where everything can be reached by public transport, including the Alps.

To apply, please send via email the following:

• your CV (max 2 pages)
• transcripts
• contact information of 2 references

In order to be guaranteed to be considered, please apply before March 1st, 2024. That being said, applications are accepted until the position is filled.

Closing date for applications:

Contact: Dr. Cecilia Boschini (cecilia.boschini@inf.ethz.ch)

We are looking for an excellent, motivated, post-doctoral researcher to work in the area of information security and cryptography. The post-doctoral researcher will join Katerina Mitrokotsa's research group (Chair of Cyber Security), working in the area of information and communication security with a focus on authentication protocols, verifiable delegation of computation, and secure multi-party computation. The position is available for one plus one year after a successful review evaluation.

Key Responsibilities:

• The post-doctoral fellow is expected to perform exciting and challenging research in the area of information security and cryptography including the design of provably secure cryptographic protocols.
• The post-doctoral fellow shall be involved in the supervision of PhD and master students

Your profile:

• The post-doctoral researcher is expected to have a PhD degree in Computer Science, Engineering or Mathematics and a strong background in theoretical computer science and cryptography
• Have an excellent publication record in top venues Competitive research record in cryptography or information security
• Strong mathematical and algorithmic CS background
• Good skills in programming is beneficial
• Excellent written and verbal communication skills in English

The Chair of Cyber Security, is a part of the Institute of Computer Science (ICS) at the University of St. Gallen. The chair was established in autumn semester 2020 and is led by Prof. Dr. Katerina Mitrokotsa. Our research interests are centered around information security and applied cryptography, with the larger goal of safeguarding communications and providing strong privacy guarantees. We are currently active in multiple areas including the design of provably secure cryptographic protocols and cryptographic primitives that can be employed for reliable authentication, outsourcing computations in cloud-assisted settings, network security problems as well as secure and privacy-preserving machine learning.

Please apply asap through the job link.

Closing date for applications:

Contact:
Eriane Breu (Administrative matters)
Prof. Katerina Mitrokotsa (Research related questions)

More information: https://jobs.unisg.ch/offene-stellen/postdoc-fellow-in-cryptography-information-security-m-f-d-m-w-d/831c6e8a-e191-48ec-92d5-320b2822a9ab

We are looking for a bright and motivated PhD student to work in the topics of information security and cryptography.

The student is expected to work on topics that include security and privacy issues in authentication. More precisely, the student will be working on investigating efficient and privacy-preserving authentication that provides: i) provable security guarantees, and ii) rigorous privacy guarantees.

Key Responsibilities:

• Perform exciting and challenging research in the domain of information security and cryptography.
• Support and assist in teaching computer security and cryptography courses.

Profile:

• The PhD student is expected to have a MSc degree or equivalent, and strong background in cryptography, network security and mathematics.
• Experience in one or more domains such as cryptography, design of protocols, secure multi-party computation and differential privacy is beneficial.
• Excellent programming skills.
• Excellent written and verbal communication skills in English

The Chair of Cyber Security, https://cybersecurity.unisg.ch/, is a part of the Institute of Computer Science (ICS) at the University of St.Gallen. The chair was established in autumn semester 2020 and is led by Prof. Dr. Katerina Mitrokotsa. Our research interests are centered around information security and applied cryptography, with the larger goal of safeguarding communications and providing strong privacy guarantees. We are currently active in multiple areas including the design of provably secure cryptographic protocols and cryptographic primitives that can be employed for reliable authentication, outsourcing computations in cloud-assisted settings, network security problems as well as secure and privacy-preserving machine learning. As a doctoral student you will be a part of the Doctoral School of Computer Science (DCS), https://dcs.unisg.ch.

Please apply asap through the job link. Applications will be evaluated continuously.

Closing date for applications:

Contact:
Eriane Breu (Administrative matters)
Prof. Katerina Mitrokotsa (Research related questions)

More information: https://jobs.unisg.ch/offene-stellen/funded-phd-student-in-applied-cryptography-privacy-preserving-authentication-m-f-d-m-w-d/6ce1d454-47ca-4710-a9f2-33429243b4ac

The Key Management team at Copper is tasked with developing the core components of Copper’s custodial solution. This entails the constructions of tools and services essential for secure storage and transfer of digital assets. A focal point of the team’s responsibilities includes developing and integrating MPC (Multiparty Computation)-based cryptographic signature algorithms. Additionally, the team is charged with the development of APIs that facilitate the interaction of cryptographic primitives with both client-facing applications and certain internal services within Copper. You will conduct cryptography literature review, select relevant papers, and produce a specification and pseudocode from the paper(s). You will implement cryptography specifications into secure, production-level code. You will integrate cryptography primitives into Copper’s internal MPC framework. You will participate in the design and implementation of Copper’s next generation MPC framework. You will interact with auditors and academia, as well as cryptographers on the client side. You will provide cryptography support for other Copper development teams

Closing date for applications:

Contact: Clara Luna

More information: https://boards.eu.greenhouse.io/copperco/jobs/4248039101

We develop a new PT-symmetric approach for mapping three pure qubit states, implement it by the dilation method, and demonstrate it with a superconducting quantum processor provided by the IBM Quantum Experience. We derive exact formulas for the population of the post-selected PT-symmetric subspace and show consistency with the Hermitian case, conservation of average projections on reference vectors, and Quantum Fisher Information. When used for discrimination of N = 2 pure states, our algorithm gives an equivalent result to the conventional unambiguous quantum state discrimination. For N = 3 states, our approach provides novel properties unavailable in the conventional Hermitian case and can transform an arbitrary set of three quantum states into another arbitrary set of three states at the cost of introducing an inconclusive result. For the QKD three-state protocol, our algorithm has the same error rate as the conventional minimum error, maximum confidence, and maximum mutual information strategies. The proposed method surpasses its Hermitian counterparts in quantum sensing using non-MSE metrics, providing an advantage for precise estimations within specific data space regions and improved robustness to outliers. Applied to quantum database search, our approach yields a notable decrease in circuit depth in comparison to traditional Grover’s search algorithm while maintaining the same average number of oracle calls, thereby offering significant advantages for NISQ computers. Additionally, the versatility of our method can be valuable for the discrimination of highly non-symmetric quantum states, and quantum error correction. Our work unlocks new doors for applying PT -symmetry in quantum communication, computing, and cryptography.

In order to provide access control on encrypted data, Attribute-based encryption (ABE) defines each user using a set of attributes. Fuzzy identity-based encryption (FIBE) is a variant of ABE that allows for a threshold access structure for users. To address the potential threat posed by future quantum computers, this paper presents a post-quantum fuzzy IBE scheme based on lattices. However, current lattice-based ABE schemes face challenges related to computational complexity and the length of ciphertext and keys. This paper aims to improve the performance of an existing fuzzy IBE scheme by reducing key length and computational complexity during the encryption phase. While negative attributes are not utilized in our scheme, we prove its security under the learning with error (LWE) hard problem assumption in the selective security model. These improvements have significant implications for the field of ABE.

Through tremendous efforts, the communication cost of secure multi-party computation (MPC) in the honest-majority setting has been significantly improved. In particular, the state-of-the-art honest-majority MPC protocol by Escudero et al. (CCS'22) takes 12 field elements in total per multiplication gate for arithmetic circuits in the online phase. However, it still requires $12 \log(5n/4)$ bits of online communication per AND gate for Boolean circuits. That is, for Boolean circuits, no MPC protocol with constant online communication is known.

In this paper, we present an unconditionally secure MPC protocol for Boolean circuits in the honest-majority setting, which has constant online communication complexity and the offline communication complexity linear to the number $n$ of parties. We first describe the semi-honest MPC protocol and then show how to extend it to achieve malicious security, where the maliciously secure protocol has the same communication cost as the semi-honest protocol. In particular, our protocol achieves the amortized communication cost $36$ bits per AND gate in the online phase and $30n+24$ bits per AND gate in the offline phase.

An accountable subgroup multi-signature (ASM) is a multi-signature that allows any subgroup of potential signers to jointly sign a message such that the subgroup of co-signers are accountable for the resulting signature and their identities are identifiable to any verifier. In this paper, we pro- pose a novel lattice-based accountable subgroup multi-signature scheme, i.e., vMS2, by combining the group setup method of recently proposed vASM scheme and Damgard et al.’s lattice-based MS2 multi-signature scheme. Key generation, signature generation and verification phases of our proposed scheme are almost identical to the MS2 scheme. In the group setup phase, we generate membership keys which is used for signing a message on behalf of a group G of users. These membership keys are generated via a joint verifiable secret sharing (VSS) scheme in a way that they include a piece of information from the secret keys of all users in G so that any subgroup of users in G having a valid membership key can sign in an accountable fashion. We also present a comparison of the underlying MS2 scheme and our accountable subgroup multi-signature scheme vMS2 to show the cost of accountability. We see that lattice-based accountable subgroup multi-signature scheme can be achieved by adding a one-time one-round group setup whose cost is slightly higher than signature generation and verification of the underlying MS2 signature scheme.

We show that the authentication scheme [Comput. Networks, 225 (2023), 109664] is flawed. (1) Some parameters are not specified. (2) Some computations are inconsistent. (3) It falsely require the control gateway to share its private key with the medical expert. (4) The scheme fails to keep user anonymity, not as claimed.

IDentity-based Password Authentication and Key Establishment (ID-PAKE) is an interesting trade-off between the security and efficiency, specially due to the removal of costly Public Key Infrastructure (PKI). However, we observe that previous PAKE schemes such as Beguinet et al. (ACNS 2023), Pan et al. (ASIACRYPT 2023) , Abdallah et al. (CRYPTO 2020) etc. fail to achieve important security properties such as weak/strong Perfect Forward Secrecy (s-PFS), user authentication and resistance to replay attack. In addition, to the best of our knowledge, no previous (P)AKE (either ID- based or PKI-based (P)AKEs) could achieve s-PFS with two-rounds of communication. In this paper, we propose a highly efficient ID-PAKE scheme with s-PFS and KGC-FS using only two rounds of communication, where each party only performs a single pairing operation. We compare our work with previous single pairing-based schemes i.e. Tomida et al. (ESORICS 2019) and Lian et al. (ESORICS 2020) and show that they suffer either s-PFS, KGC-FS attack and replay attack. In order to achieve a privacy-preserving PAKE scheme, we give a fix to Lian et al. (ESORICS 2020) in terms of KGC-FS and user authentication.

We prove the security of our scheme under standard assumptions such as Discrete Logarithms (DL) and q-strong Diffie-Hellman(q-sDH) assumption in ID-eCK model. Finally, we conduct a proof-of-concept implementation of our scheme vs. previous single pairing-based schemes and show that our scheme imposes the least computation cost and stands in the middle of previous scheme regarding communication cost.

This paper presents the first Distributed Oblivious RAM (DORAM) protocol that achieves sub-logarithmic communication overhead without computational assumptions. That is, given $n$ $d$-bit memory locations, we present an information-theoretically secure protocol which requires $o(d \cdot \log(n))$ bits of communication per access (when $d = \Omega(\log^2(n)$).

This comes as a surprise, since the Goldreich-Ostrovsky lower bound shows that the related problem of Oblivious RAMs requires logarithmic overhead in the number of memory locations accessed. It was shown that this bound also applies in the multi-server ORAM setting, and therefore also applies in the DORAM setting. Achieving sub-logarithmic communication therefore requires accessing and using $\Omega(\log(n) \cdot d)$ bits of memory, without engaging in communication for each bit accessed. Techniques such as Fully Homomorphic Encryption and Function Secret Sharing allow secure selection of the relevant memory locations with small communication overhead, but introduce computational assumptions.

In this paper we show that it is possible to avoid a logarithmic communication overhead even without any computational assumptions. Concretely, we present a 3-party honest-majority DORAM that is secure against semi-honest adversaries. The protocol has communication cost $$\Theta\left((\log^2(n) + d) \cdot \frac{\log(n)}{\log(\log(n)}\right)$$ For any $d = \Omega(\log^2(n))$ the overhead is therefore $\Theta(\log(n)/\log(\log(n)))$. Additionally, we show a subtle flaw in a common approach for analyzing the security of Oblivious Hash Tables. We prove our construction secure using an alternative approach.

Since the existing tropical cryptographic protocols are either susceptible to the Kotov-Ushakov attack and its generalization, or to attacks based on tropical matrix periodicity and predictive behaviour, several attempts have been made to propose protocols that resist such attacks. Despite these attempts, many of the proposed protocols remain vulnerable to attacks targeting the underlying hidden problems, one of which we call the tropical two-sided discrete logarithm with shift. An illustrative case is the tropical Stickel protocol, which, when formulated with a single monomial instead of a polynomial, becomes susceptible to attacks based on solutions of the above mentioned tropical version of discrete logarithm. In this paper we will formally introduce the tropical two-sided discrete logarithm with shift, discuss how it is solved, and subsequently demonstrate an attack on a key exchange protocol based on the tropical semiring of pairs. This particular protocol is compromised due to the existence of efficient (albeit heuristic) solution of the tropical two-sided logarithm problem, and this highlights the ongoing challenges in search of a "good" key exchange protocol in tropical cryptography.

A secure multiparty computation (MPC) allows several parties to compute a function over their inputs while keeping their inputs private. In its basic setting, the protocol involves only parties that hold inputs. In distributed MPC, there are also external servers who perform a distributed protocol that executes the needed computation, without learning information on the inputs and outputs. Here we propose distributed protocols for several fundamental MPC functionalities. We begin with a Distributed Scalar Product (DSP) protocol for computing scalar products of private vectors. We build upon DSP in designing various protocols for Oblivious Transfer (OT): k-out-of-N OT, Priced OT, and Generalized OT. We also use DSP for Oblivious Polynomial Evaluation (OPE) and Oblivious Multivariate Polynomial Evaluation (OMPE). All those problems involve a sender and a receiver, both of whom hold private vectors; the goal is to let the receiver learn the scalar product of those two vectors. However, in each of these problems the receiver must submit a vector of a specified form. Hence, a crucial ingredient in our protocols is a sub-protocol for validating that the receiver’s vector complies with the relevant restrictions, without learning anything else on that vector. Therefore, while previous studies presented distributed protocols for 1-out-of-N OT and OPE, our protocols are the first ones that are secure against malicious receivers. Our distributed protocols for the other OT variants and for OMPE are the first ones that handle such problems. In addition, while previous art assumed semi-honest servers, we present protocols that are secure even when some of the servers are malicious. Our protocols offer information-theoretic security and they are very efficient.

In post-quantum cryptography, permutations are frequently employed to construct cryptographic primitives. Careful design and implementation of sampling random unbiased permutations is essential for efficiency and protection against side-channel attacks. Nevertheless, there is a lack of systematic research on this topic. Our work seeks to fill this gap by studying the most prominent permutation sampling algorithms and assessing their advantages and limitations. We combine theoretical and experimental comparisons and provide a C library with the implementations of the algorithms discussed. Furthermore, we introduce a new sampling algorithm tailored for cryptographic applications.

Universal thresholdizer (UT) was proposed by Boneh et al. in CRYPTO'18 as a general framework for thresholdizing non-threshold cryptographic primitives where a set of $N$ servers, each gets a share such that any set of $k$ servers, each produces a partial result, which can be combined to generate the final result. In many applications of threshold cryptography such as the protection of private keys in a digital wallet, the combining operation of partial results must be protected. In this paper, we extend the UT framework to include password authentication for such protection. We formalize the notion of password protected universal thresholdizer (PPUT) that requires the knowledge of a password to execute the protocol, propose a general construction of PPUT, and prove its security. Our construction uses threshold password authenticated key exchange (TPAKE) with simulation-based security as one of the main building blocks. We define simulation-based security of TPAKE in stand-alone model and give a construction using threshold fully-homomorphic encryption. As an application of PPUT, we propose a new primitive called password protected threshold signature. All the proposed constructions are secure in the standard model, and can be instantiated from lattices.

We explore the possibility of obtaining general-purpose obfuscation for all circuits by way of making only simple, local, functionality preserving random perturbations in the circuit structure. Towards this goal, we use the additional structure provided by reversible circuits, but no additional algebraic structure.

We start by formulating a new (and relatively weak) obfuscation task regarding the ability to obfuscate random circuits of bounded length. We call such obfuscators random input & output (RIO) obfuscators. We then show how to construct indistinguishability obfuscators for all (unbounded length) circuits given only an RIO obfuscator --- under a new assumption regarding the pseudorandomness of sufficiently long random reversible circuits with known functionality, which in turn builds on a conjecture made by Gowers (Comb. Prob. Comp. '96) regarding the pseudorandomness of bounded-size random reversible circuits. Furthermore, the constructed obfuscators satisfy a new measure of security - called random output indistinguishability (ROI) obfuscation - which is significantly stronger than IO and may be of independent interest.

We then investigate the possibility of constructing RIO obfuscators using local, functionality preserving perturbations. Our approach is rooted in statistical mechanics and can be thought of as locally ``thermalizing'' a circuit while preserving its functionality. We provide candidate constructions along with a pathway for analyzing the security of such strategies.

Given the power of program obfuscation, viability of the proposed approach would provide an alternative route to realizing almost all cryptographic tasks under hardness assumptions that are very different from standard ones. Furthermore, our specific candidate obfuscators are relatively efficient: the obfuscated version of an n-wire, m-gate (reversible) circuit with security parameter k has n wires and poly(n,k)m gates. We hope that our initial exploration will motivate further study of this alternative path to cryptography.

We study a fundamental problem in Multi-Party Computation, which we call the Multiple Millionaires’ Problem (MMP). Given a set of private integer inputs, the problem is to identify the subset of inputs that equal the maximum (or minimum) of that set, without revealing any further information on the inputs beyond what is implied by the desired output. Such a problem is a natural extension of the Millionaires’ Problem, which is the very first Multi-Party Computation problem that was presented in Andrew Yao’s seminal work [31]. A closely related problem is MaxP, in which the value of the maximum is sought. We propose several approaches towards the solution of those fundamental problems as well as concrete solutions, and compare their performance. As applications of privacy-preserving computation are more and more commonly implemented in industrial systems, MMP and MaxP become important building blocks in privacy-preserving statistics, machine learning, auctions and other domains. One of the prominent advantages of our novel protocols is their simplicity. As they solve fundamental problems that are essential building blocks in various application scenarios, we believe that our systematic study of solutions to those problems, and the comparison between them, will serve well future researchers and practitioners of secure distributed computing.