International Association
for Cryptologic Research

Event date: 16 December to 20 December 2024
Submission deadline: 10 July 2024
Notification: 10 September 2024

The Security and Privacy Research Unit at TU Wien is offering a fully funded PhD position under the supervision of Dr. Zeta (Georgia) Avarikioti and Univ.-Prof. Dr. Matteo Maffei. If you are interested, please apply at https://tools.spycode.at/recruiting/call/4.

Closing date for applications:

Contact: Zeta Avarikioti and Mattero Maffei

More information: https://tools.spycode.at/recruiting/call/4

We are looking for motivated postdoctoral candidates with experience using zero-knowledge proofs in cutting edge applications and hardware acceleration. The candidate will be working with the Adaptive Computing and Embedded Systems (ACES) Lab at UC San Diego, led by Farinaz Koushanfar. In particular, the student will be working on incorporating zero-knowledge proofs into emerging learning paradigms. Alongside this, the candidate should have experience with GPU/FPGA acceleration, as they will be collaborating with senior PhD students to build an end-to-end zero-knowledge proof accelerator. This position is fully-funded.

Requirements:

• Ph.D. in Computer Engineering, Computer Science, or a closely related field
• Strong ability in at least C/C++ or Rust
• Familiarity with popular open-source zero-knowledge proof frameworks
• Publication record in top venues, with proven research record around zero-knowledge proofs
• Strong theoretical understanding of zero-knowledge proofs and its various constructions
• Ability to work on-site in San Diego

To apply, please send your CV to Farinaz Koushanfar at the email: fkoushanfar@ucsd.edu

Closing date for applications:

Contact: Farinaz Koushanfar (fkoushanfar@ucsd.edu)

We are looking for motivated postdoctoral candidates with experience in applied cryptography and privacy-preserving computation. The candidate will be working with the Adaptive Computing and Embedded Systems (ACES) Lab at UC San Diego, led by Farinaz Koushanfar. In particular, the student will be working at the intersection of computational healthcare applications and privacy-preserving computation. The researcher will be given the freedom to analyze different privacy-preserving protocols and collaborate with medical professionals to create innovative solutions. This position is fully-funded.

Requirements:

• Ph.D. in Computer Science, Computer Engineering, or a closely related field
• Strong ability in at least C/C++, Python, or Rust
• Familiarity with popular open-source privacy-preserving computation frameworks
• Publication record in top venues, with proven research record in applied cryptography or adjacent field
• Strong applied cryptography skills
• Ability to work on-site in San Diego

To apply, please send your CV to Farinaz Koushanfar at the email: fkoushanfar@ucsd.edu

Closing date for applications:

Contact: Farinaz Koushanfar (fkoushanfar@ucsd.edu)

Software Security Researcher Who We Are The Cryptography Research Center (CRC) brings together theoretical and applied cryptographers to contribute to the proliferation of this ever-evolving ecosystem. Our world-class cryptography experts collaborate with key industry players to offer advanced solutions to address the threats faced by today’s digital societies. CRC is part of the Technology Innovation Institute (TII), a global scientific research center attracting the world’s foremost scientists and researchers. TII leads worldwide advances in artificial intelligence, autonomous robotics, quantum computing, cryptography and quantum communications, directed energy, secure communication, smart devices, advanced materials, and propulsion and space technologies, and biotechnology fields. What We Do We design, analyze, and implement cryptographic algorithms and protocols using in-depth technical expertise that encompasses fundamental classical and post-quantum cryptography research, applied cryptography engineering, and research on theoretical and practical cryptanalytic techniques. Responsibilities Participate in security evaluations of in-house and 3rd-party developed products Conduct R&D activities in the areas of vulnerability research, reverse engineering, and exploit development/mitigation bypass Required skills BSc/MSc in Computer Engineering, Computer Science, or related Significant hands-on experience doing reverse engineering of ARM/AARCH64/RISC-V binaries using IDA Pro or Ghidra Hands-on experience with fuzzing (AFL, FuzzTest/centipede) and debugging tools (GDB) Experience performing source code reviews of large code bases Experience with advanced exploitation techniques Proficient with C/C++ and Python Nice to have skills PhD degree in software security or related Proven experience in security/vulnerability research (e.g., papers, CVEs for RCE/LPE)

Closing date for applications:

Contact: mohammed.hannan@tii.ae

Who We Are The Cryptography Research Center (CRC) brings together theoretical and applied cryptographers to contribute to the proliferation of this ever-evolving ecosystem. Our world-class cryptography experts collaborate with key industry players to offer advanced solutions to address the threats faced by today’s digital societies. CRC is part of the Technology Innovation Institute (TII), a global scientific research center attracting the world’s foremost scientists and researchers. TII leads worldwide advances in artificial intelligence, autonomous robotics, quantum computing, cryptography and quantum communications, directed energy, secure communication, smart devices, advanced materials, and propulsion and space technologies, and biotechnology fields. What We Do We design, analyze, and implement cryptographic algorithms and protocols using in-depth technical expertise that encompasses fundamental classical and post-quantum cryptography research, applied cryptography engineering, and research on theoretical and practical cryptanalytic techniques. Responsibilities Participate in security evaluations of in-house and 3rd-party developed products Conduct R&D activities in the areas of vulnerability research, hardware security, side-channel analysis, and fault injection attacks Required skills BSc/MSc in Computer Engineering, Electrical Engineering, or related Significant hands-on experience performing side-channel analysis and/or fault injection attacks on real-world devices Good understanding of system-level security building blocks (e.g., TEE, secure boot, OTP fuses, secure elements) Familiarity with the most common countermeasures found on modern secure chips (e.g., shields, sensors, codes, masking) Experience with C/C++ and Python Nice to have skills PhD degree in hardware security or related Proven experience in security research (e.g., papers, CVEs)

Closing date for applications:

Contact: mohammed.hannan@tii.ae

A Ph.D. position is available in the Cryptology and Data Security research group at the Institute of Computer Science, University of Bern, led by Christian Cachin.

Our research addresses all aspects of security in distributed systems, especially cryptographic protocols, consistency, consensus, and cloud-computing security. We are particularly interested in blockchains, distributed ledger technology, cryptocurrencies, and their security and economics. To learn more about our research topics, please explore https://crypto.unibe.ch. We are part of IC3: The Initiative for Cryptocurrencies and Contracts (http://www.initc3.org>).

Candidates should have a strong background in computer science and its mathematical foundations. They should like conceptual, rigorous thinking for working theoretically. Demonstrated expertise in cryptography, distributed computing, or blockchain technology is a plus. Applicants must hold a master degree in the relevant research fields.

Positions are available for starting in Spring 2024 and come with a competitive salary. The selection process runs until suitable candidates have been found. The University of Bern conducts excellent research and lives up its vision that "Knowledge generates value". The city of Bern lies in the center of Switzerland and offers some of the highest quality of life worldwide.

If you are interested, please apply be sending email with **one single PDF file** and **subject line** set to **Application for Ph.D.**, addressed directly to Prof. Christian Cachin at **crypto.inf (at) unibe.ch.**.

Since we receive many applications, we encourage you to include material that explains your interests, demonstrates your strengths, and sets you apart from others.

Closing date for applications:

Contact: Christian Cachin, https://crypto.unibe.ch/cc/

More information: https://crypto.unibe.ch/jobs/

In this article, we examine Differential Fault Attacks (DFA) targeting two stream ciphers, FLIP and FiLIP. We explore the fault model where an adversary flips a single bit of the key at an unknown position. Our analysis involves establishing complexity bounds for these attacks, contingent upon the cryptographic parameters of the Boolean functions employed as filters and the key size. Initially, we demonstrate how the concept of sensitivity enables the detection of the fault position using only a few keystream bits. This represents an enhancement over previous DFA methodologies applied to these ciphers. Subsequently, we leverage the properties of the filter's derivatives to execute attacks. This approach is universally applicable to any filter, and we delineate specific attack strategies for the two function families previously implemented in these ciphers.

Post-quantum digital signature schemes have recently received increased attention due to the NIST standardization project for additional signatures. MPC-in-the-Head and VOLE-in-the-Head are general techniques for constructing such signatures from zero-knowledge proof systems. A common theme between the two is an all-but-one vector commitment scheme which internally uses GGM trees. This primitive is responsible for a significant part of the computational time during signing and verification.

A more efficient technique for constructing GGM trees is the half-tree technique, introduced by Guo et al. (Eurocrypt 2023). Our work builds an all-but-one vector commitment scheme from the half-tree technique, and further generalizes it to an all-but-\(\tau\) vector commitment scheme. Crucially, our work avoids the use of the random oracle assumption in an important step, which means our binding proof is non-trivial and instead relies on the random permutation oracle. Since this oracle can be instantiated using fixed-key AES which has hardware support, we achieve faster signing and verification times.

We integrate our vector commitment scheme into FAEST (faest.info), a round one candidate in the NIST standardization process, and demonstrates its performance with a prototype implementation. For \(\lambda = 128\), our experimental results show a nearly \(3.5\)-fold improvement in signing and verification times.

SNOVA is a multivariate signature scheme submitted to the ad- ditional NIST PQC standardization project started in 2022. SNOVA is con- structed by incorporating the structure of the matrix ring over a finite field into the UOV signature scheme, and the core part of its public key is the UOV public key whose coefficients consist of matrices. As a result, SNOVA dramatically reduces the public key size compared to UOV. In this paper, we recall the construction of SNOVA, and reconsider its security analysis. In particular, we investigate key recovery attacks applied to the core part of the public key of SNOVA in detail. Due to our analysis, we show that some pa- rameters of SNOVA submitted in the additional NIST PQC standardization do not satisfy the claimed security levels.

The remarkable performance capabilities of AI accelerators offer promising opportunities for accelerating cryptographic algorithms, particularly in the context of lattice-based cryptography. However, current approaches to leveraging AI accelerators often remain at a rudimentary level of implementation, overlooking the intricate internal mechanisms of these devices. Consequently, a significant number of computational resources is underutilized.

In this paper, we present a comprehensive exploration of NVIDIA Tensor Cores and introduce a novel framework tailored specifically for Kyber. Firstly, we propose two innovative approaches that efficiently break down Kyber's NTT into iterative matrix multiplications, resulting in approximately a 75% reduction in costs compared to the state-of-the-art scanning-based methods.Secondly, by reversing the internal mechanisms, we precisely manipulate the internal resources of Tensor Cores using assembly-level code instead of inefficient standard interfaces, eliminating memory accesses and redundant function calls. Finally, building upon our highly optimized NTT, we provide a complete implementation for all parameter sets of Kyber. Our implementation surpasses the state-of-the-art Tensor Core based work, achieving remarkable speed-ups of 1.93x, 1.65x, 1.22x and 3.55x for polyvec_ntt, KeyGen, Enc and Dec in Kyber-1024, respectively. Even when considering execution latency, our throughput-oriented full Kyber implementation maintains an acceptable execution latency. For instance, the execution latency ranges from 1.02 to 5.68 milliseconds for Kyber-1024 on R3080 when achieving the peak throughput.

Dual-receiver encryption (DRE) is a special form of public key encryption (PKE) that allows a sender to encrypt a message for two recipients. Without further properties, the difference between DRE and PKE is only syntactical. One such important property is soundness, which requires that no ciphertext can be constructed such that the recipients decrypt to different plaintexts. Many applications rely on this property in order to realize more complex protocols or primitives. In addition, many of these applications explicitly avoid the usage of the random oracle, which poses an additional requirement on a DRE construction. We show that all of the IND-CCA2 secure standard model DRE constructions based on post-quantum assumptions fall short of augmenting the constructions with soundness and describe attacks thereon. We then give an overview over all applications of IND-CCA2 secure DRE, group them into generic (i. e., applications using DRE as black-box) and non-generic applications and demonstrate that all generic ones require either soundness or public verifiability. Conclusively, we identify the gap of sound and IND-CCA2 secure DRE constructions based on post-quantum assumptions in the standard Model. In order to fill this gap we provide two IND-CCA2 secure DRE constructions based on the standard post-quantum assumptions, Normal Form Learning With Errors (NLWE) and Learning Parity with Noise (LPN).

In this work, we propose two novel succinct one-out-of-many proofs from coding theory, which can be seen as extensions of the Stern's framework and Veron's framework from proving knowledge of a preimage to proving knowledge of a preimage for one element in a set, respectively. The size of each proof is short and scales better with the size of the public set than the code-based accumulator in \cite{nguyen2019new}. Based on our new constructions, we further present a logarithmic-size ring signature scheme and a logarithmic-size group signature scheme. Our schemes feature a short signature size, especially our group signature. To our best knowledge, it is the most compact code-based group signature scheme so far. At 128-bit security level, our group signature size is about 144 KB for a group with $2^{20}$ members while the group signature size of the previously most compact code-based group signature constructed by the above accumulator exceeds 3200 KB.

We introduce $\mathsf{ChalametPIR}$: a single-server Private Information Retrieval (PIR) scheme supporting fast, low-bandwidth keyword queries, with a conceptually very simple design. In particular, we develop a generic framework for converting PIR schemes for index queries over flat arrays (based on the Learning With Errors problem) into keyword PIR. This involves representing a key-value map using any probabilistic filter that permits reconstruction of elements from inclusion queries (e.g. Cuckoo filters). In particular, we make use of recently developed Binary Fuse filters to construct $\mathsf{ChalametPIR}$, with minimal efficiency blow-up compared with state-of-the-art index-based schemes (all costs bounded by a factor of \(\leq 1.08\)). Furthermore, we show that $\mathsf{ChalametPIR}$ achieves runtimes and financial costs that are factors of between \(6\times\)-\(11\times\) and \(3.75\times\)-\(11.4\times\) more efficient, respectively, than state-of-the-art keyword PIR approaches, for varying database configurations. Bandwidth costs are additionally reduced or remain competitive, depending on the configuration. Finally, we believe that our application of Binary Fuse filters in the cryptography setting may bring immediate independent value towards developing efficient variants of other related primitives that benefit from using such filters.

The paper presents a short survey of the History of Multivariate Cryptography together with the usage of old broken multivariate digital signatures in the new protocol based cryptosystems constructed in terms of Noncommutative Cryptography. The general schemes of New cryptosystems is a combinations of Eulerian maps and quadratic maps with their trapdoor accelerators, which are pieces of information such than the knowledge of them allow to compute the reimages in a polynomial time. These schemes are illustrated by historical examples of Imai – Matsumoto multivariate digital signatures schemes and Unbalanced Oil and Vinegar Cryptosystems.

Federated Learning (FL) is a data-minimization approach enabling collaborative model training across diverse clients with local data, avoiding direct data exchange. However, state-of-the-art FL solutions to identify fraudulent financial transactions exhibit a subset of the following limitations. They (1) lack a formal security definition and proof, (2) assume prior freezing of suspicious customers’ accounts by financial institutions (limiting the solutions’ adoption), (3) scale poorly, involving either $O(n^2)$ computationally expensive modular exponentiation (where $n$ is the total number of financial institutions) or highly inefficient fully homomorphic encryption, (4) assume the parties have already completed the identity alignment phase, hence excluding it from the implementation, performance evaluation, and security analysis, and (5) struggle to resist clients’ dropouts. This work introduces Starlit, a novel scalable privacy-preserving FL mechanism that overcomes these limitations. It has various applications, such as enhancing financial fraud detection, mitigating terrorism, and enhancing digital health. We implemented Starlit and conducted a thorough performance analysis using synthetic data from a key player in global financial transactions. The evaluation indicates Starlit’s scalability, efficiency, and accuracy.

Event date: 21 January to 19 July 2024
Submission deadline: 10 February 2024
Notification: 15 March 2024

Event date: 28 August to 30 August 2024
Submission deadline: 7 February 2024
Notification: 20 March 2024

Event date: 11 September to 13 September 2024
Submission deadline: 24 April 2024
Notification: 24 June 2024

In the current paper we investigate the possibility of designing secure two-party signature scheme with the same verification algorithm as in the Russian standardized scheme (GOST scheme). We solve this problem in two parts. The first part is a (fruitless) search for an appropriate scheme in the literature. It turned out that all existing schemes are insecure in the strong security models. The second part is a synthesis of new signature scheme and ends fruitfully. We synthesize a new two-party GOST signature scheme, additionally using the commitment scheme, guided by the features of the GOST signature scheme, as well as the known attacks on existing schemes. We prove that this scheme is secure in a bijective random oracle model in the case when one of the parties is malicious under the assumption that the classical GOST scheme is unforgeable in a bijective random oracle model and the commitment scheme is modelled as a random oracle.