IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
20 November 2024
Stevens Institute of Technology
Job PostingResponsibilities: Successful candidates are expected to have a strong commitment to excellence in teaching at both the graduate and undergraduate level. They are also expected to advise students, supervise them in research, and contribute to the intellectually vibrant, highly interdisciplinary, collaborative, diverse, innovative, and entrepreneurial culture at Stevens.
Required Education and Experience: Applicants must have earned a Ph.D. in computer science or a related discipline. The department especially seeks candidates with a strong background in systems and security but will consider applications in all areas of computer science.
Closing date for applications:
Contact: Sandeep Bhatt (Sandeep.Bhatt@stevens.edu)
More information: https://academicjobsonline.org/ajo/jobs/29085
18 November 2024
TU Wien, Department of Computer Science, Vienna
Job PostingSelected applicants will partner with us to develop and submit a joint proposal to the WWTF Funding Portal. This is a two-step selection process, with an initial evaluation at the Vienna Cybersecurity Center to assess the applicants’ suitability, followed by the formal proposal preparation for WWTF submission.
In a Nutshell: Successful candidates will receive a tenure-track position at TU Wien along with €1.8 million in personal funding to establish and lead their own research group. Up to three positions will be awarded, empowering selected young researchers to conduct groundbreaking AI/ML research that transforms their chosen discipline.
Potential Research Topics in IT Security with AI/ML Focus:
Applicants are encouraged to propose innovative ideas in IT security that align with the WWTF call’s focus on advancing AI/ML concepts and their transformative impact. Suggested topics include (selection!):
Privacy-Preserving Machine Learning Creating methods to enhance privacy in AI/ML, such as differential privacy or federated learning, applied to secure systems.
Cryptographic Protocols Enhanced by AI Leveraging AI/ML to optimize cryptographic protocols, potentially enhancing performance and security in encryption, authentication, or blockchain-based applications.
Application Materials:
- Curriculum Vitae (CV)
- List of Publications
- 1-Page Outline of the Main Idea of the Proposal
Closing date for applications:
Contact: Prof. Dr. Dominique Schröder
More information: https://cysec.wien/calls/call_wwtf_collaboration/
Shanghai Jiao Tong University, John Hopcroft Center for Computer Science; Shanghai, China
Job PostingThe John Hopcroft Center for Computer Science at Shanghai Jiao Tong University (SJTU) is seeking to fill several tenure-track positions in computer science at the rank of Assistant Professor and Associate Professor starting on a mutually agreed date. Faculty duties include research, teaching at the undergraduate and graduate levels, and supervision of student research. Candidates should hold a Ph.D. in computer science or a related field by the start of employment.
Shanghai Jiao Tong University is one of the oldest and most prestigious universities in China, which enjoys a long history and a world-renowned reputation. The John Hopcroft Center for Computer Science at SJTU was established in January 2017 and is named after John Hopcroft, a Turing Award winner, Foreign Member of the Chinese Academy of Sciences. The center is led by him as the director. The mission of the center is to create a relaxed and free international academic environment, recruit promising young scholars, and help them grow into world-class scholars in the field of computer science. For more information about our center, please visit our website at https://jhc.sjtu.edu.cn/.
Strong candidates in all areas will be considered with special consideration given (but not limited) to Cryptography and Cyber Security, Artificial Intelligence, Quantum Computing, Computer Architecture, Database, Operating System, Software Engineering etc. An internationally competitive package for salary and benefits will be offered by the Center. SJTU makes a great effort to provide a startup research grant.
Apply: To apply, please submit a curriculum vita (CV) to Prof. Haiming Jin at jhc@sjtu.edu.cn and Prof. YuYu at yyuu@sjtu.edu.cn. To ensure full consideration, please apply by June 30 2025, although applications will be accepted until all positions are filled.
Closing date for applications:
Contact: Prof. Haiming Jin at jhc@sjtu.edu.cn and Prof. YuYu at yyuu@sjtu.edu.cn
More information: https://jhc.sjtu.edu.cn/
Multiple academic teaching positions (Lecturer/ Assistant Professor/ Associate Professor/ Professor)
Xiamen University Malaysia, Sepang, Malaysia
Job PostingCandidates in computer science and cyber security are welcome to apply. The ideal candidate is expected to be able to support general computing subjects, as well as cyber security specialization subjects. Applicants must possess their first (Bachelor's) degree in computing and PhD in a related discipline.
Applicants with specific teaching and research interests in one or more of the following areas from each group are encouraged to apply:
Cybersecurity
- Malware Analysis
- Cryptanalysis
- Biometrics
- Blockchain Technology
- Cyber Security Laws and Regulations
Computing
- Data Structure
- Design and Analysis of Algorithms
- Computer Networks and Communication
- Principles of Operating Systems
- Big Data Analytics
HOW TO APPLY
Applicants are invited to submit a digital application packet to: recruit_academic@xmu.edu.my and iftekhar.salam@xmu.edu.my
The subject line of your email must include: your name, relevant academic discipline, and the specific position for which you are applying for. All application packets must include the following attachments:
- Your detailed and current CV with publication (*Asterisk to indicate corresponding author, include Indexing & Quartile);
- Cover letter;
- List of courses from the above that the candidate can support;
- Evidence of academic qualifications (Bachelor, Master & PhD Certificate; Bachelor, Master & PhD Transcripts and Professional Certificates);
- 3-5 Full-Text publications (if applicable);
- Teaching evaluation (if applicable);
- Two academic references (at least one of them is the applicant’s current/most recent employer).
Closing date for applications:
Contact: Iftekhar Salam
Nanjing, China, 29 October - 31 October 2025
Event CalendarIsla Vista, USA, 17 August - 21 August 2025
CRYPTOSubmission deadline: 13 February 2025
Notification: 3 May 2025
Andreas Ellison, Karen Klein
ePrint ReportIn this work, we prove a tighter bound for the security of TreeKEM. We follow the approach in the aforementioned work and first introduce a modified version of the public-key GSD game better suited for analyzing TreeKEM. We then provide a simple and detailed proof of security for a specific encryption scheme, the DHIES scheme (currently the only standardized scheme in MLS), in this game in the ROM and achieve a tighter bound compared to the result from Klein et. al. We also define and describe the syntax and security of TreeKEM-like schemes and state a result linking the security of TreeKEM with security in our GSD game in the ROM.
Mohammad Hajiabadi, Roman Langrehr, Adam O'Neill, Mingyuan Wang
ePrint ReportProving lower bounds for private-key functional encryption schemes introduces challenges that were absent in prior works. In particular, the combinatorial techniques developed by prior works for proving black-box lower bounds are only useful in the public-key setting and predicate encryption settings, which all fail for the private-key FE case. Our work develops novel combinatorial techniques based on Fourier analysis to overcome these barriers. We expect these techniques to be widely useful in future research in this area.
Alper Çakan, Vipul Goyal
ePrint ReportThe unclonable nature of quantum information allows us to build various quantum protection schemes for cryptographic information such as secret keys. Examples of quantum protection notions include copy-protection, secure leasing, and finally, unbounded leakage-resilience, which was recently introduced by Çakan, Goyal, Liu-Zhang and Ribeiro (TCC'24). Çakan et al show that secrets of various cryptographic schemes (such as cryptographic keys or secret shares) can be protected by storing them as quantum states so that they satisfy LOCC (local operation and classical communication) leakage-resilience: the scheme can tolerate any unbounded amount of adaptive leakage over unbounded rounds. As a special case (dubbed $1$-round leakage), this also means that those quantum states cannot be converted to classical strings (without completely losing their functionality).
In this work, we continue the study of unbounded/LOCC leakage-resilience and consider several new primitive. In more details, we build ciphertexts, signatures and non-interactive zero-knowledge proofs with unbounded leakage-resilience. We show the following results.
- Assuming the existence of a classical $X \in \{\text{secret-key encryption}, \text{public-key encryption}\}$ scheme, we construct an $X$ scheme with LOCC leakage-resilient ciphertexts. This guarantees that an adversary who obtains LOCC-leakage on ciphertexts cannot learn anything about their contents, even if they obtain the secret key later on.
- Assuming the existence of a classical signature scheme and indistinguishability obfuscation (iO), we construct a signature scheme with LOCC leakage-resilient signatures. This guarantees that an adversary who obtains LOCC-leakage on various signatures cannot produce any valid signatures at all other than the ones it obtained honestly!
- Assuming the existence of one-way functions and indistinguishability obfuscation (iO), we construct a NIZK proof system with LOCC leakage-resilient proofs. This guarantees that an adversary who obtains LOCC-leakage on a NIZK proof of an hard instance cannot produce a valid proof!
Suparna Kundu, Quinten Norga, Uttam Kumar Ojha, Anindya Ganguly, Angshuman Karmakar, Ingrid Verbauwhede
ePrint ReportAndrea Flamini, Eysa Lee, Anna Lysyanskaya
ePrint ReportAny digital credential system, including anonymous credentials, needs to be secured against identity theft and fraud. In this work, we introduce the notion of a multi-holder anonymous credential scheme that allows issuing shares of credentials to different authentication factors (or ``holders''). To present the credential, the user's authentication factors jointly run a threshold presentation protocol. Our definition of security requires that the scheme provide unforgeability: the adversary cannot succeed in presenting a credential with identity attributes that do not correspond to an identity for which the adversary controls at least $t$ shares; this is true even if the adversary can obtain credentials of its choice and cause concurrent executions of the presentation protocol. Further, our definition requires that the presentation protocol provide security with identifiable abort. Finally, presentations generated by all honest holders must be unlinkable and must not reveal the user's secret identity attributes even to an adversary that controls some of the user's authentication factors.
We design and prove the (concurrent) security of a multi-holder version of the BBS anonymous credential scheme. In our construction, each holder is issued a secret share of a BBS credential. Using these shares, the holders jointly compute a credential presentation that is identical to (and therefore compatible with) the traditional, single-holder variant (due to Tessaro and Zhu, Eurocrypt'23) of a BBS credential presentation.
Wenhao Wang, Fangyan Shi, Dani Vilardell, Fan Zhang
ePrint ReportIn this paper, we introduced $\mathsf{Cirrus}$, the first accountable distributed proof generation protocol with linear computation complexity for all parties. $\mathsf{Cirrus}$ is based on HyperPlonk (EUROCRYPT'23) and therefore supports a universal trusted setup. $\mathsf{Cirrus}$ is horizontally scalable: proving statements about a circuit of size $O(MT)$ takes $O(T)$ time with $M$ workers. The per-machine communication cost of $\mathsf{Cirrus}$ is low, which is only logarithmic in the size of each sub-circuit. $\mathsf{Cirrus}$ is also accountable, and the verification overhead of the coordinator is efficient. We further devised a load balancing technique to make the workload of the coordinator independent of the size of each sub-circuit.
We implemented an end-to-end prototype of $\mathsf{Cirrus}$ and evaluated its performance on modestly powerful machines. Our results confirm the horizontal scalability of $\mathsf{Cirrus}$, and the proof generation time for circuits with $2^{25}$ gates is roughly $40$s using $32$ $8$-core machines. We also compared $\mathsf{Cirrus}$ with Hekaton (CCS'24), and $\mathsf{Cirrus}$ is faster when proving PLONK-friendly circuits such as Pedersen hash.
David Inyangson, Sarah Radway, Tushar M. Jois, Nelly Fazio, James Mickens
ePrint ReportAlexander R. Block, Zhiyong Fang, Jonathan Katz, Justin Thaler, Hendrik Waldner, Yupeng Zhang
ePrint ReportIn this work, we construct a code-based SNARK that does not rely on any specific underlying field; i.e., it is field-agnostic. Our construction follows the framework of Brakedown (CRYPTO '23) and builds a polynomial commitment scheme (and hence a SNARK) based on recently introduced expand-accumulate codes. Our work generalizes these codes to arbitrary finite fields; our main technical contribution is showing that, with high probability, these codes have constant rate and constant relative distance (crucial properties for building efficient SNARKs), solving an open problem from prior work.
As a result of our work we obtain a SNARK where, for a statement of size $M$ , the prover time is $O(M \log M )$ and the proof size is $O(\sqrt{M} )$. We demonstrate the concrete efficiency of our scheme empirically via experiments. Proving ECDSA verification on the secp256k1 curve requires only 0.23s for proof generation, 2 orders of magnitude faster than SNARKs that are not field-agnostic. Compared to the original Brakedown result (which is also field-agnostic), we obtain proofs that are 1.9–2.8$\times$ smaller due to the good concrete distance of our underlying error-correcting code, while introducing only a small overhead of 1.2$\times$ in the prover time.
Benoit Coqueret, Mathieu Carbone, Olivier Sentieys, Gabriel Zaid
ePrint ReportIn this work, we introduce a new end-to-end attack framework designed for model extraction of embedded DNNs with high fidelity. We describe a new black-box side-channel attack which splits the DNN in several linear parts for which we can perform cryptanalytic extraction and retrieve the weights in hard-label settings. With this method, we are able to adapt cryptanalytic extraction, for the first time, to non-fully connected DNNs, while maintaining a high fidelity. We validate our contributions by targeting several architectures implemented on a microcontroller unit, including a Multi-Layer Perceptron (MLP) of 1.7 million parameters and a shortened MobileNetv1. Our framework successfully extracts all of these DNNs with high fidelity (88.4% for the MobileNetv1 and 93.2% for the MLP). Furthermore, we use the stolen model to generate adversarial examples and achieve close to white-box performance on the victim's model (95.8% and 96.7% transfer rate).
Diane Leblanc-Albarel, Bart Preneel
ePrint ReportOleksandr Kurbatov, Lasha Antadze, Ameen Soleimani, Kyrylo Riabov, Artem Sdobnov
ePrint Report15 November 2024
Oxford University, Department of Computer Science
Job PostingClosing date for applications:
Contact: Head of Department, Professor Leslie Ann Goldberg (head-of-dept@cs.ox.ac.uk).
More information: https://my.corehr.com/pls/uoxrecruit/erq_jobspec_details_form.jobspec?p_id=173846
Hao Lei, Raghvendra Rohit, Guoxiao Liu, Jiahui He, Mohamed Rachidi, Keting Jia, Kai Hu, Meiqin Wang
ePrint ReportAsmita Adhikary, Abraham J. Basurto Becerra, Lejla Batina, Ileana Buhan, Durba Chatterjee, Senna van Hoek, Eloi Sanfelix Gonzalez
ePrint ReportTaking the binary file of the target implementation as input, ARCHER generates interactive visualizations and a detailed report highlighting execution statistics, leakage points, and their causes. It is the first architecture-level tool tailored for the RISC-V architecture to guide the implementation of cryptographic algorithms resistant to power side-channel attacks. ARCHER is algorithm-agnostic, supports pre-silicon analysis for both high-level and assembly code, and enables efficient root cause identification. We demonstrate ARCHER’s effectiveness through case studies on AES and ASCON implementations, where it accurately traces the source of side-channel leaks.