International Association for Cryptologic Research


IACR News


Here you can see all recent updates to the IACR webpage. These updates are also available:


23 February 2024

Renas Bacho, Julian Loss, Gilad Stern, Benedikt Wagner
ePrint Report
Threshold variants of the Schnorr signature scheme have recently been at the center of attention due to their applications to Bitcoin, Ethereum, and other cryptocurrencies. However, existing constructions for threshold Schnorr signatures among a set of $n$ parties with corruption threshold $t_c$ suffer from at least one of the following drawbacks: (i) security only against static (i.e., non-adaptive) adversaries, (ii) cubic or higher communication cost to generate a single signature, (iii) strong synchrony assumptions on the network, or (iv) $t_c+1$ are sufficient to generate a signature, i.e., the corruption threshold of the scheme equals its reconstruction threshold. Especially (iv) turns out to be a severe limitation for many asynchronous real-world applications where $t_c < n/3$ is necessary to maintain liveness, but a higher signing threshold of $n-t_c$ is needed. A recent scheme, ROAST, proposed by Ruffing et al. (ACM CCS '22) addresses (iii) and (iv), but still falls short of obtaining subcubic complexity and adaptive security.

In this work, we present HARTS, the first threshold Schnorr signature scheme to incorporate all these desiderata. More concretely:

- HARTS is adaptively secure and remains fully secure and operational even under asynchronous network conditions in the presence of up to $t_c < n/3$ malicious parties. This is optimal.

- HARTS outputs a Schnorr signature of size $\lambda$ with a near-optimal amortized communication cost of $O(\lambda n^2 \log{n})$ bits and $O(1)$ rounds per signature.

- HARTS is a high-threshold scheme: no fewer than $t_r+1$ signature shares can be combined to yield a full signature, where $t_r\geq 2n/3 > 2t_c$. This is optimal.

We prove our result in a modular fashion in the algebraic group model. At the core of our construction, we design a new, simple, and adaptively secure high-threshold AVSS scheme which may be of independent interest.
River Moreira Ferreira, Ludovic Perret
ePrint Report
In this paper, we present an efficient attack against ${\tt PROV}$, a recent variant of the popular Unbalanced Oil and Vinegar (${\tt UOV}$) multivariate signature scheme, which has been submitted to the ongoing ${\tt NIST}$ standardization process for additional post-quantum signature schemes. A notable feature of ${\tt PROV}$ is its proof of security, namely existential unforgeability under a chosen-message attack (${\tt EUF-CMA}$), assuming the hardness of solving the system formed by the public-key non-linear equations. We present a polynomial-time key-recovery attack against the first specification of ${\tt PROV}$ (v$1.0$). To do so, we remark that a small fraction of the ${\tt PROV}$ secret key is leaked during the signature process. Adapting and extending previous works on basic ${\tt UOV}$, we show that the entire secret key can then be recovered from such a small fraction in polynomial time. This leads to an efficient attack against ${\tt PROV}$ that we validated in practice. For all the security parameters suggested by the authors of ${\tt PROV}$, our attack recovers the secret key in at most $8$ seconds. We conclude the paper by discussing the apparent mismatch between such a practical attack and the theoretical security claimed by the ${\tt PROV}$ designers. Our attack is not structural but exploits the fact that the current specification of ${\tt PROV}$ differs from the required security model. A simple countermeasure makes ${\tt PROV}$ immune to the attack presented here and led the designers to update the specification of ${\tt PROV}$ (v$1.1$).

21 February 2024

Virtual event, Anywhere on Earth, 13 August - 14 August 2024
Event Calendar
Event date: 13 August to 14 August 2024
Submission deadline: 15 April 2024
Notification: 14 June 2024
Paris, France, 9 September - 20 December 2024
Event Calendar
Event date: 9 September to 20 December 2024
Submission deadline: 15 March 2024
Indian Institute of Science Education and Research (IISER) Pune
Job Posting
Postdoc positions in the Mathematics Department of IISER Pune. The positions are not only for cryptography but for the broader field of mathematics; however, cryptography is included.

Closing date for applications:

Contact: math.postdocapplications@iiserpune.ac.in

More information: https://www.iiserpune.ac.in/announcements/10/postdoctoral-positions-in-mathematics

Blanqet
Job Posting
Blanqet is a new company that is focused on shaping the future of cryptography in a quantum world. Current members include faculty from Computer Science, Mathematics, Physics and Law at the University of Chicago and Penn State University. For more information see our website, www.blanqet.net.

We are looking to hire several researchers to join our Chicago based team for periods of one to three years with the potential for longer employment. Our focus is on imaginative individuals who are devoted to both research and its practical realization. Relevant areas of interest include, but are not limited to, cryptography, quantum and post-quantum cryptography, computer security, computational algebra and number theory.

Successful candidates will have the opportunity to work alongside other researchers at Blanqet and at the nearby University of Chicago. Joint academic affiliations with the University of Chicago are possible when appropriate.

Applicants are expected to have (or expect to soon have) a Ph.D. in computer science, mathematics, physics or a related area. To apply, submit a curriculum vitae (including a list of publications) and a brief description of your research interests (not to exceed two pages, more or less), and arrange for three letters of reference. Applications and letters should be sent via email to contact@blanqet.net. We will make offers on a rolling basis with flexibility as to the start date.

Closing date for applications:

Contact: contact@blanqet.net

Chair of IT Security, Brandenburg University of Technology, Cottbus, Germany
Job Posting

Our chair performs research and teaching in the area of IT Security with a strong focus on Network Security and Online Privacy. Our goal is to advance the state of the art in research and to educate qualified computer scientists in the area of IT Security who are able to meet the challenges of the growing demand for securing IT systems and providing data protection in various areas of our life and society. More information about us can be found at https://www.b-tu.de/en/fg-it-sicherheit.

Tasks:
  • Active research in the area of intrusion detection systems (IDS) for critical infrastructures, secure cyber-physical systems, and artificial intelligence / machine learning for traffic analysis
  • Implementation and evaluation of new algorithms and methods
  • Cooperation and knowledge transfer with industrial partners
  • Publication of scientific results
  • Assistance with teaching
Requirements:
  • Master’s degree (or equivalent) and PhD degree (only for PostDocs) in Computer Science or related disciplines
  • Strong interest in IT security and/or networking and distributed systems
  • Knowledge of at least one programming language (C++, Java, etc.) and one scripting language (Perl, Python, etc.) or strong willingness to quickly learn new programming languages
  • Linux/Unix skills
  • Knowledge of data mining, machine learning, statistics and result visualization concepts is of advantage
  • Excellent working knowledge of English; German is of advantage
  • Excellent communication skills

Applications containing the following documents:

  • A detailed Curriculum Vitae
  • Transcript of records from your Master studies
  • An electronic version of your Master thesis, if possible

should be sent in a single PDF file as soon as possible, but not later than 15.03.2024, to itsec-jobs.informatik@lists.b-tu.de. Applications sent to email addresses other than that will be automatically discarded.

Closing date for applications:

Contact:

For more information about the vacant position please contact Prof. A. Panchenko (E-Mail: itsec-jobs.informatik@lists.b-tu.de).

More information: https://www.informatik.tu-cottbus.de/~andriy/phd-ad-btu_en.pdf


19 February 2024

Ulrich Haböck, David Levit, Shahar Papini
ePrint Report
Traditional STARKs require a cyclic group of smooth order in the field. This allows efficient interpolation of points using the FFT algorithm, and writing constraints that involve neighboring rows. The Elliptic Curve FFT (ECFFT, Parts I and II) introduced a way to make efficient STARKs for any finite field, by using a cyclic group of an elliptic curve. We show a simpler construction along the lines of ECFFT over the circle curve $x^2 + y^2 = 1$. When $p + 1$ is divisible by a large power of $2$, this construction is as efficient as traditional STARKs and ECFFT. Applied to the Mersenne prime $p = 2^{31} - 1$, which has recently been advertised in IACR ePrint 2023:824, our preliminary benchmarks indicate a speed-up by a factor of $1.4$ compared to a traditional STARK using the BabyBear prime $p = 2^{31} - 2^{27} + 1$.
Juliane Krämer, Mirjam Loiero
ePrint Report
Multivariate cryptography is one of the main candidates for creating post-quantum public-key cryptosystems. Especially in the area of digital signatures, there exist many practical and secure multivariate schemes. The signature schemes UOV and Rainbow are two of the most promising and best-studied multivariate schemes, which have proven secure for more than a decade. However, so far the security of multivariate signature schemes against physical attacks has not been appropriately assessed. Towards a better understanding of the physical security of multivariate signature schemes, this paper presents fault attacks against SingleField schemes, especially UOV and Rainbow. Our analysis shows that although promising attack vectors exist, multivariate signature schemes inherently offer good protection against fault attacks.
Jiseung Kim, Changmin Lee
ePrint Report
The learning parity with noise (LPN) problem has been widely utilized in classical cryptography to construct cryptographic primitives. Various variants of LPN have been proposed, including LPN over large fields and LPN with regular noise, depending on the underlying space and the noise regularity. These LPN variants have proven to be useful in constructing cryptographic primitives.

We propose an improvement to the Gaussian elimination attack, which is also known as Prange's information set decoding algorithm, for solving the LPN problem. Contrary to prevailing knowledge, we find that the Gaussian elimination attack is highly competitive and currently the best method for solving LPN over large fields. Our improvement involves applying partial Gaussian elimination repeatedly, rather than the whole Gaussian algorithm, which we have named the "Reduce and Prange's algorithm".

Moreover, we provide two applications of the Reduce and Prange algorithm: one is a hybrid of our algorithm and Bernstein, Lange and Peters's algorithm from PQCrypto'08, and the other is a Reduce and Prange algorithm for LPN with regular noise.

Last, we provide a concrete estimate of the bit-security of LPN variants using our Reduce and Prange frameworks. Our results show that the bit-security of LPN over $\mathbb{F}_q$ is reduced by 5-11 bits when $\log q = 128$ compared to the previous analysis by Liu et al. (to appear at Eurocrypt'24). Furthermore, we show that our algorithm outperforms recent work by Briaud and Øygard (Eurocrypt'23) and Liu et al. for certain parameters. It reduces the bit-security of LPN with regular noise by 5-28 bits.
Chun Guo, Xiao Wang, Xiang Xie, Yu Yu
ePrint Report
Multi-user (mu) security considers large-scale attackers that, given access to a number of cryptosystem instances, attempt to compromise at least one of them. We initiate the study of mu security of the so-called GGM tree that stems from the PRG-to-PRF transformation of Goldreich, Goldwasser, and Micali, with the goal of providing references for its recently popularized use in applied cryptography. We propose a generalized model for GGM trees and analyze its mu prefix-constrained PRF security in the random oracle model. Our model allows us to derive concrete bounds and improvements for various protocols, and we showcase this on the Bitcoin Improvement Proposal standard BIP32 hierarchical wallets and on function secret sharing (FSS) protocols. In both scenarios, we propose improvements with better performance and concrete security bounds at the same time. Compared with the state-of-the-art designs, our SHACAL3- and Keccak-?-based BIP32 variants reduce the communication cost of MPC-based implementations by 73.3% to 93.8%, while our AES-based FSS substantially improves mu security while reducing computations by 50%.
Heewon Chung, Hyojun Kim, Young-Sik Kim, Yongwoo Lee
ePrint Report
We present a new method for efficient look-up table (LUT) evaluation in homomorphic encryption (HE), based on Ring-LWE-based HE schemes, including both integer-message schemes such as Brakerski-Gentry-Vaikuntanathan (BGV) and Brakerski/Fan-Vercauteren (BFV), and complex-number-message schemes like the Cheon-Kim-Kim-Song (CKKS) scheme. Our approach encodes bit streams into codewords and translates LUTs into low-degree multivariate polynomials, allowing for the simultaneous evaluation of multiple independent LUTs with minimal overhead. To mitigate noise accumulation in the CKKS scheme, we propose a novel noise-reduction technique, accompanied by a proof demonstrating its effectiveness in asymptotically decreasing noise levels. We demonstrate our algorithm's effectiveness through a proof-of-concept implementation, showcasing significant efficiency gains, including 0.029 ms per-slot evaluation for 8-input, 8-output LUTs and a 280 ms amortized decryption time for AES-128 using CKKS on a single GPU. This work not only advances LUT evaluation in HE but also introduces a transciphering method for the CKKS scheme utilizing standard symmetric-key encryption, bridging the gap between discrete bit strings and numerical data.
Jonathan Trostle
ePrint Report
Homomorphic encryption has been an active area of research since Gentry's breakthrough results on fully homomorphic encryption. We present secret-key somewhat homomorphic schemes where client privacy is information-theoretic (the server can be computationally unbounded). As the group order in our schemes gets larger, entropy approaches maximal entropy (perfect security). Our basic scheme is additively somewhat homomorphic. In one scheme, the server handles circuit multiplication gates by returning the multiplicands to the client, which performs the multiplication and sends back the encrypted product. We give a 2-party protocol that also incorporates server inputs where the client privacy is information-theoretic. Server privacy is not information-theoretic, but rather depends on the hardness of the subset sum problem. Correctness for the server in the malicious model can be verified by a third party from which both the client's and the server's privacy are information-theoretically protected. Scaling the 2PC protocol via separate encryption parameters for smaller subcircuits allows the ciphertext size to grow logarithmically as the circuit size grows.
Narendra Kumar Patel, Hemraj Shobharam Lamkuche
ePrint Report
The advancements in information technology have made the Advanced Encryption Standard (AES) and the PRESENT cipher indispensable in ensuring data security and facilitating private transactions. AES is renowned for its flexibility and widespread use in various fields, while the PRESENT cipher excels in lightweight cryptographic situations. This paper delves into a dual examination of the Key Scheduling Algorithms (KSAs) of AES and the PRESENT cipher, which play a crucial role in generating round keys for their respective encryption techniques. By implementing deep learning methods, particularly a Neural Network model, our study aims to unravel the complexities of these KSAs and shed light on their inner workings.
Ischia, Italy, 7 May 2024
Event Calendar
Event date: 7 May 2024
Submission deadline: 21 February 2024
Notification: 20 March 2024
Technical University of Munich, Germany
Job Posting

A position for a PhD student in Cryptography is available in the newly formed research group led by Lorenz Panny in the Department of Mathematics, within the TUM School of Computation, Information and Technology, located at the Garching campus.

The group was established in 2023 and primarily focuses on mathematical aspects of post-quantum cryptography: for example, this includes topics such as classical and quantum cryptanalysis, cryptographic constructions based on isogenies of abelian varieties and other algebraic objects, and efficient algorithms for both attacks and secure implementations.

Please refer to the linked website for details on the position and application process.

Closing date for applications:

Contact: Lorenz Panny, lorenz.panny@tum.de

More information: https://portal.mytum.de/jobs/wissenschaftler/NewsArticle_20240216_105137

University of Birmingham, UK
Job Posting

Trusted Execution Environments (TEEs) allow users to run their software in a secure enclave while assuring the integrity and confidentiality of data and applications. However, cloud computing these days relies heavily on peripherals such as GPUs, NICs, and FPGAs. Extending the security guarantees of CPU-based TEEs to such accelerators is currently not possible. New technologies are being proposed to address this, notably the PCIe Trusted Device Interface Security Protocol (TDISP). In this project, together with researchers at the University of Southampton, we will thoroughly evaluate the security guarantees of this new PCIe standard and its ability to provide trusted execution against strong adversaries.

Suitable candidates need a strong background in system-level programming (e.g. Rust, C, C++) and/or embedded systems/hardware security. We also expect a first-class UG or PG degree in a relevant subject (e.g. computer science or electrical engineering).

Funding: The studentship covers a stipend and tuition fees (we might be able to cover overseas student fees depending on the candidate and circumstances). The stipend provides an annual maintenance allowance of £18,622. The allowance is paid as a (usually) tax-free stipend and its rate is usually incremented on 1 October each following year. We provide personal laptops and travel funding to attend conferences (subject to prior approval) and one summer school (or equivalent). Students will also be given the chance to participate in teaching activities, including creating and grading exercises as well as conducting laboratory and tutorial sessions, which are compensated separately.

How to apply: Please first send your CV, a transcript with a list of courses and grades, and a description of your research interests to d.f.oswald (at) bham.ac.uk before 15 March 2024, with the title of the position ("PhD IOTEE: Securing and analysing trusted execution beyond the CPU") in the subject line. We will then contact you about potential next steps.

Closing date for applications:

Contact: For informal enquiries, contact David Oswald d.f.oswald@bham.ac.uk

More information: https://www.cs.bham.ac.uk/~oswalddf/phd-projects.php

Mohammed VI Polytechnic University (UM6P)
Job Posting
The College of Computing at Mohammed VI Polytechnic University (UM6P), Benguerir, Morocco is currently looking for motivated and talented Postdoctoral researchers in the areas of Artificial Intelligence for Cybersecurity and Quantum Cryptography. The successful candidates will primarily be working on the following topics (but not limited to):
• Artificial Intelligence for Cybersecurity
• Quantum Cryptography
• Quantum Blockchain

Key duties:
The Postdoctoral researcher will be expected to:
• Publish in high impact journals in the field.
• Participate in the supervision of PhD students and research internships.

Criteria of the candidate:
• PhD in the field of Cryptography, Computer security or any related field.
• Strong publication record in high impact conferences / journals.
• Very good programming skills (e.g., C, C++, Python), familiarity with Linux
• Proficiency in English and ability to work in a team
• Outstanding analytical and problem-solving skills

Employment terms:
The successful candidate will be employed by Mohammed VI Polytechnic University (UM6P) based at Benguerir (50 km north of Marrakech), Morocco. The net salary per month is 2000 USD. The initial appointment as Postdoctoral researcher will be for one year, renewable depending on satisfactory performance.

Applications and selection procedure:
Applications must be sent using a single electronic zipped folder with the mention of the job title in the mail subject. The folder must contain:
• A 1-page cover letter with main research interests.
• A detailed CV.
• A 1-page brief research statement.
• Contact information of 2 references (Applicants are assumed to have obtained their references’ consent to be contacted for this matter).

Contact: Prof. Mustapha Hedabou (mustapha.hedabou@um6p.ma)

Closing date for applications:

Contact: Prof. Mustapha Hedabou

Engineering Department, Horizen Labs, Remote
Job Posting

We are looking for a talented and motivated engineer who will contribute to building the cryptographic infrastructure of our Web 3.0-enabled blockchain ecosystem. You will be involved in the design and implementation of blockchain scaling solutions, primarily based on zero-knowledge cryptography, with the aim of dramatically reducing the costs that blockchain operators incur when deploying their products. Our international team works in a stimulating and innovative environment, where technical expertise and experience contribute to the development of cutting-edge blockchain technology. You will be joining a small, deeply driven team of highly technical minds in a culture of openness, pragmatism, and ownership of challenging problems that span software engineering, systems design, cryptography, and computing.

What You’ll Own
  • Design and implementation of blockchain-based cryptographic solutions leveraging modern cryptography (ZK, MPC, FHE).
  • Assume technical responsibility for novel systems while identifying areas for innovative research and development.
  • Writing reusable, testable, and efficient code with a focus on best practices and security.
  • Help shape the future of the company where you will be intimately involved in the strategic decision making process and immediately see the impact of your contributions.
  • Attend conferences and find opportunities in the on-chain ecosystem.

Closing date for applications:

Contact: People & Talent Team - recruiting@horizenlabs.io

More information: https://boards.greenhouse.io/horizenlabs/jobs/5075393004

CSEM, Neuchâtel CH
Job Posting
Your mission

Collaborating with two experienced teams in security, digital hardware and software, you will contribute to the development of an embedded anchor of trust for future generations of sustainable IoT devices, enabling features such as post-quantum cryptography, threshold cryptography, distributed architectures, or reconfigurability over the air. You will be working closely with a diverse team of engineers and researchers, and you will take a leading role in transforming a vision into tangible IPs.


Your responsibilities
  • Research in applied cryptography and implementations for embedded devices.
  • Implement cryptography and security primitives for embedded devices; mainly HW/SW co-design.
  • Develop proofs of concept based on advanced cryptography topics.
  • Harden security modules against side channel attacks, software attacks and other threats.
  • Adopt a holistic approach to design and implement robust features yielding solid foundations for end-to-end security.
  • Propose innovative security IPs, challenge them against state of the art and review them with peers.
Your profile
Know-how
  • PhD graduate or an MSc graduate.
  • Background in one or more of these fields: digital design, embedded software design and applied cryptography.
  • A high motivation to progress and excel in the field of applied cryptography and embedded security.
  • Experience in digital hardware or embedded software development.
  • Programming skills in VHDL, C, Python (or equivalent).
  • Fluent in English. French or German are an advantage.

Interpersonal skills
  • Natural curiosity and ability to adapt to new situations.
  • Autonomous and hands-on, motivated to take initiative in the development of innovative solutions.
  • Open-minded attitude and well-developed team-spirit.

Closing date for applications:

Contact: Damian Vizar

More information: https://www.csem.ch/en/jobs/151354/
