International Association
for Cryptologic Research

Event date: 7 May 2024
Submission deadline: 21 February 2024
Notification: 20 March 2024

A position for a PhD student in Cryptography is available in the newly formed research group led by Lorenz Panny in the Department of Mathematics, within the TUM School of Computation, Information and Technology, located at the Garching campus.

The group was established in 2023 and primarily focuses on mathematical aspects of post-quantum cryptography: for example, this includes topics such as classical and quantum cryptanalysis, cryptographic constructions based on isogenies of abelian varieties and other algebraic objects, and efficient algorithms for both attacks and secure implementations.

Please refer to the linked website for details on the position and application process.

Closing date for applications:

Contact: Lorenz Panny, lorenz.panny@tum.de

More information: https://portal.mytum.de/jobs/wissenschaftler/NewsArticle_20240216_105137

Trusted Execution Environments (TEEs) allow users to run their software in a secure enclave while assuring the integrity and confidentiality of data and applications. However, cloud computing these days relies heavily on peripherals such as GPUs, NICs, and FPGAs. Extending the security guarantees of CPU-based TEEs to such accelerators is currently not possible. New technologies are being proposed to address this, notably the PCIe Trusted Device Interface Security Protocol (TDISP). In this project, together with researchers at the University of Southampton, we will thoroughly evaluate the security guarantees of this new PCIe standard and its ability to provide trusted execution against strong adversaries.

Suitable candidates need a strong background in system-level programming (e.g. Rust, C, C++) and/or embedded systems/hardware security. We also expect a first-class UG or PG degree in a relevant subject (e.g. computer science or electrical engineering).

Funding: The studentship covers a stipend and tuition fees (we might be able to cover overseas student fees depending on the candidate and circumstances). The stipend provides an annual maintenance allowance of £18,622. The allowance is paid as a (usually) tax-free stipend and its rate is usually incremented on 1 October each following year. We provide personal laptops and travel funding to attend conferences (subject to prior approval) and one summer school (or equivalent). Students will also be given the chance to participate in teaching activities, including creating and grading exercises as well as conducting laboratory and tutorial sessions, which are compensated separately.

How to apply: Please first send your CV, a transcript with a list of courses and grades, and a description of your research interests to d.f.oswald (at) bham.ac.uk before 15 March 2024, with the title of the position ("PhD IOTEE: Securing and analysing trusted execution beyond the CPU") in the subject line. We will then contact you about potential next steps.

Closing date for applications:

Contact: For informal enquiries, contact David Oswald d.f.oswald@bham.ac.uk

More information: https://www.cs.bham.ac.uk/~oswalddf/phd-projects.php

The College of Computing at Mohammed VI Polytechnic University (UM6P), Benguerir, Morocco is currently looking for motivated and talented Postdoctoral researchers in the area Artificial Intelligence for Cybersecurity, and Quantum Cryptography. The successful candidates will primarily be working on the following topics (but not limited to):
• Artificial Intelligence for Cybersecurity
• Quantum Cryptography
• Quantum Blockchain

Key duties:
The Postdoctoral researcher will be expected to:
• Publish in high impact journals in the field.
• Participate to the supervision of PhD students and research internships.

Criteria of the candidate:
• PhD in the field of Cryptography, Computer security or any related field.
• Strong publication record in high impact conferences / journals.
• Very good programming skills (e.g., C, C++, Python), familiarity with Linux
• Proficiency in English and ability to work in a team
• Outstanding analytical and problem-solving skills

Employment terms:
The successful candidate will be employed by Mohammed VI Polytechnic University (UM6P) based at Benguerir (50 km north of Marrakech), Morocco. The net salary per month is 2000 USD. The initial appointment as Postdoctoral researcher will be for one-year renewable depending on satisfactory performance.

Applications and selection procedure:
Applications must be sent using a single electronic zipped folder with the mention of the job title in the mail subject. The folder must contain:
• A 1-page cover letter with main research interests.
• A detailed CV.
• A 1-page brief research statement.
• Contact information of 2 references (Applicants are assumed to have obtained their references’ consent to be contacted for this matter).

Contact: Prof. Mustapha Hedabou (mustapha.hedabou@um6p.ma)

Closing date for applications:

Contact: Prof. Mustapha Hedabou

We are looking for a talented and motivated engineer who will contribute to building the cryptographic infrastructure of our Web 3.0-enabled blockchain ecosystem. You will be involved in the design and implementation of blockchain scaling solutions, primarily based on zero-knowledge cryptography, with the aim of dramatically reducing the costs that blockchain operators incur when deploying their products. Our international team works in a stimulating and innovative environment, where technical expertise and experience contribute to the development of cutting-edge blockchain technology. You will be joining a small, deeply driven team of highly technical minds in a culture of openness, pragmatism, and ownership of challenging problems that span software engineering, systems design, cryptography, and computing.

What You’ll Own

• Design and implementation of blockchain-based cryptographic solutions leveraging modern cryptography (ZK, MPC, FHE).
• Assume technical responsibility of novel systems while identifying areas for innovative research and development.
• Writing reusable, testable, and efficient code with a focus on best practices and security.
• Help shape the future of the company where you will be intimately involved in the strategic decision making process and immediately see the impact of your contributions.
• Attend conferences and find opportunities in the on-chain ecosystem.

Closing date for applications:

Contact: People & Talent Team - recruiting@horizenlabs.io

More information: https://boards.greenhouse.io/horizenlabs/jobs/5075393004

Your mission

Collaborating with two experienced teams in security, digital hardware and software, you will contribute to the development of an embedded anchor of trust for future generation of sustainable IoT devices, enabling features such as post quantum cryptography, threshold cryptography, distributed architectures, or reconfigurability over the air. You will be working closely with a diverse team of engineers and researchers, and you will take a leading role in transforming a vision into tangible IPs.

Your responsibilities

• Research in applied cryptography and implementations for embedded devices.
• Implement cryptography and security primitives for embedded devices; mainly HW/SW co-design.
• Develop Proof of concepts based on advanced cryptography topics.
• Harden security modules against side channel attacks, software attacks and other threats.
• Adopt a holistic approach to design and implement robust features yielding solid foundations for end-to-end security.
• Propose innovative security IPs, challenge them against state of the art and review them with peers.

Your profile
Know-how

• PhD graduate or an MSc graduate.
• Background in one or more of these fields: digital design, embedded software design and applied cryptography.
• A high motivation to progress and excel in the field of applied cryptography and embedded security.
• Experience in digital hardware or embedded software development.
• Programming skills in VHDL, C, Python (or equivalent).
• Fluent in English. French or German are an advantage.

Interpersonal skills

• Natural curiosity and ability to adapt to new situations.
• Autonomous and hands-on, motivated to take initiative in the development of innovative solutions.
• Open-minded attitude and well-developed team-spirit.

Closing date for applications:

Contact: Damian Vizar

More information: https://www.csem.ch/en/jobs/151354/

Event date: 2 October to 4 October 2024
Submission deadline: 15 May 2024
Notification: 23 June 2024

Event date: 28 February to 29 February 2024

The Digital Security Group at ICIS, Radboud University, is looking for a PhD candidate in post-quantum cryptography (PQC) as part of the NWO-funded PQstrong project. The goal of the project is to aid NISTs and other standardization efforts for PQ digital signatures by providing new cryptanalytic methods and techniques for scrutinizing the proposed designs and improving confidence in the security of the standards that come out at the end. The position is under the supervision of Simona Samardjiska. For more information see the post on the website of Radboud University where you can also apply using an online form.

Closing date for applications:

Contact: Simona Samardjiska

More information: https://www.ru.nl/en/working-at/job-opportunities/phd-candidate-in-post-quantum-cryptography

The advent of Web3 technologies promises unprecedented levels of user control and autonomy. However, this decentralization shifts the burden of security onto the users, making it crucial to understand their security behaviors and perceptions. To address this, our study introduces a comprehensive framework that identifies four core components of user interaction within the Web3 ecosystem: blockchain infrastructures, Web3-based Decentralized Applications (DApps), online communities, and off-chain cryptocurrency platforms. We delve into the security concerns perceived by users in each of these components and analyze the mitigation strategies they employ, ranging from risk assessment and aversion to diversification and acceptance. We further discuss the landscape of both technical and human-induced security risks in the Web3 ecosystem, identify the unique security differences between Web2 and Web3, and highlight key challenges that render users vulnerable, to provide implications for security design in Web3.

We introduce YPIR, a single-server private information retrieval (PIR) protocol that achieves high throughput (up to 75% of the memory bandwidth of the machine) without any offline communication. For retrieving a 1-bit (or 1-byte) record from a 32-GB database, YPIR achieves 10.9 GB/s/core server throughput and requires 2.5 MB of total communication. On the same setup, the state-of-the-art SimplePIR protocol achieves a 12.6 GB/s/core server throughput, requires 1.5 MB total communication, but additionally requires downloading a 724 MB hint in an offline phase. YPIR leverages a new lightweight technique to remove the hint from high-throughput single-server PIR schemes with small overhead. We also show how to reduce the server preprocessing time in the SimplePIR family of protocols by a factor of $10$-$15\times$.

By removing the need for offline communication, YPIR significantly reduces the server-side costs for private auditing of Certificate Transparency logs. Compared to the best previous PIR-based approach, YPIR reduces the server-side costs by a factor of $5.6\times$. Note that to reduce communication costs, the previous approach assumed that updates to the Certificate Transparency log servers occurred in weekly batches. Since there is no offline communication in YPIR, our approach allows clients to always audit the most recent Certificate Transparency logs (e.g., updating once a day). Supporting daily updates using the prior scheme would cost $30\times$ more than YPIR (based on current AWS compute costs).

Vehicle-to-grid (V2G) provides effective charging services, allows bidirectional energy communication between the power grid and electric vehicle (EV), and reduces environmental pollution and energy crises. Recently, Sungjin Yu et al. proposed a PUF-based, robust, and anonymous authentication and key establishment scheme for V2G networks. In this paper, we show that the proposed protocol does not provide user anonymity and is vulnerable to tracing attack. We also found their scheme is vulnerable to ephemeral secret leakage attacks.

This paper studies the limitations of the generic approaches to solving cryptographic problems in classical and quantum settings in various models. - In the classical generic group model (GGM), we find simple alternative proofs for the lower bounds of variants of the discrete logarithm (DL) problem: the multiple-instance DL and one-more DL problems (and their mixture). We also re-prove the unknown-order GGM lower bounds, such as the order finding, root extraction, and repeated squaring. - In the quantum generic group model (QGGM), we study the complexity of variants of the discrete logarithm. We prove the logarithm DL lower bound in the QGGM even for the composite order setting. We also prove an asymptotically tight lower bound for the multiple-instance DL problem. Both results resolve the open problems suggested in a recent work by Hhan, Yamakawa, and Yun. - In the quantum generic ring model we newly suggested, we give the logarithmic lower bound for the order-finding algorithms, an important step for Shor's algorithm. We also give a logarithmic lower bound for a certain generic factoring algorithm outputting relatively small integers, which includes a modified version of Regev's algorithm. - Finally, we prove a lower bound for the basic index calculus method for solving the DL problem in a new idealized group model regarding smooth numbers. The quantum lower bounds in both models allow certain (different) types of classical preprocessing. All of the proofs are significantly simpler than the previous proofs and are through a single tool, the so-called compression lemma, along with linear algebra tools. Our use of this lemma may be of independent interest.

Interactive theorem provers (ITPs), such as Lean and Coq, can express formal proofs for a large category of theorems, from abstract math to software correctness. Consider Alice who has a Lean proof for some public statement $T$. Alice wants to convince the world that she has such a proof, without revealing the actual proof. Perhaps the proof shows that a secret program is correct or safe, but the proof itself might leak information about the program's source code. A natural way for Alice to proceed is to construct a succinct, zero-knowledge, non-interactive argument of knowledge (zkSNARK) to prove that she has a Lean proof for the statement $T$.

In this work we build zkPi, the first zkSNARKfor proofs expressed in Lean, a state of the art interactive theorem prover. With zkPi, a prover can convince a verifier that a Lean theorem is true, while revealing little else. The core problem is building an efficient zkSNARKfor dependent typing. We evaluate zkPion theorems from two core Lean libraries: stdlib and mathlib. zkPisuccessfuly proves 57.9% of the theorems in stdlib, and 14.1% of the theorems in mathlib, within 4.5 minutes per theorem. A zkPiproof is sufficiently short that Fermat could have written one in the margin of his notebook to convince the world, in zero knowledge, that he proved his famous last theorem.

Interactive theorem provers (ITPs) can express virtually all systems of formal reasoning. Thus, an implemented zkSNARKfor ITP theorems generalizes practical zero-knowledge's interface beyond the status quo: circuit satisfiability and program execution.

Recent constructions of private information retrieval (PIR) have seen significant improvements in computational performance. However, these improvements rely on heavy offline preprocessing that is typically difficult in real-world applications. Motivated by the question of PIR with no offline processing, we introduce WhisPIR, a fully stateless PIR protocol with low per-query communication. WhisPIR clients are all ephemeral, meaning that they appear with only the protocol public parameters and disappear as soon as their query is complete, giving no opportunity for additional "offline" communication that is not counted towards the overall query communication. As such, WhisPIR is highly suited for practical applications that must support many clients and frequent database updates.

We demonstrate that WhisPIR requires significantly less communication than all other lattice-based PIR protocols in a stateless setting. WhisPIR is outperformed in computation only by SimplePIR and HintlessPIR when the database entries are large (several kilobytes). WhisPIR achieves this performance by introducing a number of novel optimizations. These include improvements to the index expansion algorithm of SealPIR & OnionPIR that optimizes the algorithm when only one rotation key is available. WhisPIR also makes novel use of the non-compact variant of the BGV homomorphic encryption scheme to further save communication and computation. To demonstrate the practicality of WhisPIR, we apply the protocol to the problem of secure blocklist checking, an important user-safety application in end-to-end encrypted messaging.

Zero-knowledge circuits are frequently required to prove gadgets that are not optimised for the constraint system in question. A particularly daunting task is to embed foreign arithmetic such as Boolean operations, field arithmetic, or public-key cryptography.

We construct techniques for offloading foreign arithmetic from a zero-knowledge circuit including: (i) equality of discrete logarithms across different groups; (ii) scalar multiplication without requiring elliptic curve operations; (iii) proving knowledge of an AES encryption.

To achieve our goal, we employ techniques inherited from rejection sampling and lookup protocols. We implement and provide concrete benchmarks for our protocols.

We present a concretely efficient and simple extractable witness encryption scheme for KZG polynomial commitments. It allows to encrypt a message towards a triple $(\mathsf{com}, \alpha, \beta)$, where $\mathsf{com}$ is a KZG commitment for some polynomial $f$. Anyone with an opening for the commitment attesting $f(\alpha) = \beta$ can decrypt, but without knowledge of a valid opening the message is computationally hidden. Our construction is simple and highly efficient. The ciphertext is only a single group element. Encryption and decryption both require a single pairing evaluation and a constant number of group operations.

Using our witness encryption scheme, we construct a simple and highly efficient laconic OT protocol, which significantly outperforms the state of the art in most important metrics.

We build a concretely efficient threshold encryption scheme where the joint public key of a set of parties is computed as a deterministic function of their locally computed public keys, enabling a silent setup phase. By eliminating interaction from the setup phase, our scheme immediately enjoys several highly desirable features such as asynchronous setup, multiverse support, and dynamic threshold. Prior to our work, the only known constructions of threshold encryption with silent setup relied on heavy cryptographic machinery such as indistinguishability Obfuscation or witness encryption for all of $\mathsf{NP}$. Our core technical innovation lies in building a special purpose witness encryption scheme for the statement ``at least $t$ parties have signed a given message''. Our construction relies on pairings and is proved secure in the Generic Group Model. Notably, our construction, restricted to the special case of threshold $t=1$, gives an alternative construction of the (flexible) distributed broadcast encryption from pairings, which has been the central focus of several recent works. We implement and evaluate our scheme to demonstrate its concrete efficiency. Both encryption and partial decryption are constant time, taking $<7\,$ms and $<1\,$ms, respectively. For a committee of $1024$ parties, the aggregation of partial decryptions takes $<200\,$ms, when all parties provide partial decryptions. The size of each ciphertext is $\approx 8\times$ larger than an ElGamal ciphertext.

At Eurocrypt 2023, a differential attack on the block cipher Speedy-7-192 was presented. This note shows that the main differential characteristic that this attack is based on has probability zero.

Eligibility checks are often abstracted away or omitted in voting protocols, leading to situations where the voting server can easily stuff the ballot box. One reason for this is the difficulty of bootstraping the authentication material for voters without relying on trusting the voting server. In this paper, we propose a new protocol that solves this problem by building on OpenID, a widely deployed authentication protocol. Instead of using it as a standard authentication means, we turn it into a mechanism that delivers transferable proofs of eligibility. Using zk-SNARK proofs, we show that this can be done without revealing any compromising information, in particular, protecting everlasting privacy. Our approach remains efficient and can easily be integrated into existing protocols, as we have done for the Belenios voting protocol. We provide a full-fledged proof of concept along with benchmarks showing our protocol could be realistically used in large-scale elections.