International Association
for Cryptologic Research

In blockchain networks, transaction latency is crucial for determining the quality of service (QoS). The latency of a transaction is measured as the time between its issuance and its inclusion in a block in the chain. A block proposer often prioritizes transactions with higher fees or transactions from accounts it is associated with, to minimize their latencies. To maintain fairness among transactions, a block proposer is expected to select the included transactions randomly. The random selection might cause some transactions to experience high latency following the variance in the time a transaction waits until it is selected. We suggest an alternative, age-aware approach towards fairness so that transaction priority is increased upon observing a large waiting time. We explain that a challenge with this approach is that the age of a transaction is not absolute due to transaction propagation. Moreover, a node might present its transactions as older to obtain priority. We describe a new technique to enforce a fair block selection while prioritizing transactions that observed high latency. The technique is based on various declaration schemes in which a node declares its pending transactions, providing the ability to validate transaction age. By evaluating the solutions on Ethereum data and synthetic data of various scenarios, we demonstrate the advantages of the approach under realistic conditions and understand its potential impact to maintain fairness and reduce tail latency.

SNOVA is a post-quantum cryptographic signature scheme known for its efficiency and compact key sizes, making it a second-round candidate in the NIST post-quantum cryptography standardization process. This paper presents a comprehensive fault analysis of SNOVA, focusing on both permanent and transient faults during signature generation. We introduce several fault injection strategies that exploit SNOVA's structure to recover partial or complete secret keys with limited faulty signatures. Our analysis reveals that as few as $22$ to $68$ faulty signatures, depending on the security level, can suffice for key recovery. We propose a novel fault-assisted reconciliation attack, demonstrating its effectiveness in extracting the secret key space via solving a quadratic polynomial system. Simulations show transient faults in key signature generation steps can significantly compromise SNOVA’s security. To address these vulnerabilities, we propose a lightweight countermeasure to reduce the success of fault attacks without adding significant overhead. Our results highlight the importance of fault-resistant mechanisms in post-quantum cryptographic schemes like SNOVA to ensure robustness.

In this paper, we present the first single trace side-channel attack that targets the MPC-in-the-Head (MPCitH) framework based on threshold secret sharing, also known as Threshold Computation in the Head (TCitH) in its original version. This MPCitH framework can be found in 5 of the 14 digital signatures schemes in the recent second round of the National Institute of Standards and Technology (NIST) call for digital signatures. In this work, we start by highlighting a side-channel vulnerability of the TCitH framework and show an exploitation of it on the SDitH algorithm, which is part of this NIST call. Specifically, we exploit the leakage of a multiplication function in the Galois field to make predictions about intermediate values, and we use the structure of the algorithm to combine information efficiently. This allows us to build an attack that is both the first Soft Analytical Side-Channel Attack (SASCA) targeting the MPCitH framework, as well as the first attack on SDitH. More specifically, we build a SASCA based on Belief Propagation (BP) on the evaluation of polynomials in the signature using the threshold variant structure to reconstruct the secret key. We perform simulated attacks under the Hamming Weight (HW) leakage model, enabling us to evaluate the resistance of the scheme against SASCA. We then perform our attacks in a real case scenario, more specifically on the STM32F407, and recover the secret key for all the security levels. We end this paper by discussing the various shuffling countermeasures we could use to mitigate our attacks.

As language models are increasingly deployed in cloud environments, privacy concerns have become a significant issue. To address this, we design THOR, a secure inference framework for transformer models on encrypted data. Specifically, we first propose new fast matrix multiplication algorithms based on diagonal-major order encoding and extend them to parallel matrix computation through the compact ciphertext packing technique. Second, we design efficient protocols for secure computations of four non-linear functions such as softmax, LayerNorm, GELU, and Tanh, by integrating advanced underlying approximation methods with tailored optimizations. Our matrix multiplication algorithms reduce the number of key-switching operations in the linear layers of the attention block in the BERT-base model by up to 14.5x, compared to the state-of-the-art HE-based secure inference protocol (Park et al., Preprint). Combined with cryptographic optimizations, our experimental results demonstrate that THOR provides secure inference for the BERT-base model with a latency of 10.43 minutes on a single GPU, while maintaining comparable inference accuracy on the MRPC dataset.

In this paper we explain how we implemented the Secure Hash Algorithm-3 (SHA-3) family of functions in Lean 4, a functional programming language and theorem prover. We describe how we used several Lean facilities including type classes, dependent types, macros, and formal verification, and then refined the design to provide a simple one-shot and streaming API for hashing, and Extendable-output functions (XOFs), to reduce potential for misuse by users, and formally prove properties about the implementation.

Homomorphic encryption (HE) is a foundational technology in privacy-enhancing cryptography, enabling non-interactive computation over encrypted data. Recently, generalized HE primitives designed for multi-party applications, such as multi-group HE (MGHE), have gained significant research interest. While constructing secure multi-party protocols from (MG)HE in the semi-honest model is straightforward, zero-knowledge techniques are essential for ensuring security against malicious adversaries.

In this work, we design practical proof systems for MGHE to guarantee the well-formedness of public keys and ciphertexts. Specifically, we develop and optimize a polynomial interactive oracle proof (PIOP) for MGHE, which can be compiled into zk-SNARKs using a polynomial commitment scheme (PCS).

We compile our PIOP using a lattice-based PCS, and our implementation achieves a 5.5x reduction in proof size, a 70x speed-up in proof generation, and a 343x improvement in verification time compared to the previous state-of-the-art construction, PELTA (ACM CCS 2023). Additionally, our PIOPs are modular, enabling the use of alternative PCSs to optimize other aspects, such as further reducing proof sizes.

Event date: 1 October to 3 October 2025
Submission deadline: 18 April 2025
Notification: 4 July 2025

We are looking for two motivated PhD students in the area of cryptography. The positions are fully funded with 3-year duration and the starting date is negotiable. The research topics are mainly in public-key cryptography, including, but not limited to, public-key primitives with advanced functionality, lattice-based cryptography, and privacy-preserving protocols. The applicants should have a solid background in Computer Science, Mathematics, or relevant fields. If interested, please send your CV (including a list of publications and language test marks), transcripts, and a short research statement (about your research background and research interest) to us.

Closing date for applications:

Contact: Rupeng Yang (rupengy@uow.edu.au); Zuoxia Yu (zyu@uow.edu.au).

The University of Manchester, ranked 34th globally (QS World University Rankings 2025), is making strategic investments in Computer Science. As part of this initiative, we invite applications for a Lecturer (Assistant Professor) or Senior Lecturer (Associate Professor) position in the department of Computer Science, joining our Systems and Software Security (S3) Group.

About You: We seek an outstanding researcher specializing in areas such as post-quantum cryptography, quantum cryptography, cryptographic protocols, zero-knowledge proofs, or any other emerging fields in theoretical or applied cryptography. Applicants should have a strong publication record in venues like Crypto, Eurocrypt, TCC, STOC, FOCS, ACM CCS, or IEEE S&P, along with the ability to secure research funding and deliver impactful teaching.

Your Role: Conduct world-class research and publish in leading venues. Secure competitive research funding and mentor PhD students. Design and deliver innovative teaching in cryptography and computer science.

Why Manchester?
Permanent Positions: In the UK, these roles are tenured from the start, subject to probation.
Vibrant Environment: Be part of a diverse and collaborative research community with access to state-of-the-art resources.

Why Apply? This is a unique opportunity to advance your career at a globally respected institution in a thriving, inclusive academic environment. Manchester is a dynamic city offering rich opportunities for professional and personal growth.

Closing date for applications:

Contact: For informal enquiries contact Bernardo Magri (bernardo dot magri at manchester dot ac dot uk)

More information: https://www.jobs.manchester.ac.uk/Job/JobDetail?JobId=30869

The Department of Computer Science in the Charles V. Schaefer, Jr. School of Engineering and Science at Stevens Institute of Technology invites applications for two tenure-track and tenured positions at all ranks (assistant, associate, full). This year our priorities are in all aspects of cybersecurity (e.g., systems security, cryptography, privacy, security for AI) and artificial intelligence, which are areas we plan to grow aided by enthusiastic new faculty. Exceptional candidates in other areas may be considered. Endowed chairs are available for exceptional senior candidates.

Responsibilities: Candidates are expected to demonstrate a commitment to teaching and mentorship at both the undergraduate and graduate levels, including working with students from underrepresented groups. Successful candidates will have the potential to develop an externally funded research program, supervise graduate students in research, and contribute to the highly interdisciplinary, collaborative, diverse, innovative, and entrepreneurial culture at Stevens.

Required Education and Experience: Applicants should have earned a Ph.D. in computer science or a related discipline. Candidates applying at the rank of Associate or Full should have a track record of success in scholarship, funded research, teaching, mentoring, and contributing to diversity, equity, and inclusion.

Closing date for applications:

Contact: Samantha Kleinberg (skleinbe@stevens.edu)

More information: https://academicjobsonline.org/ajo/jobs/29135

The Department of Computer Science (CS) in the Charles V. Schaefer, Jr. School of Engineering and Science (SES) at Stevens Institute of Technology (Stevens) invites applications for non-tenure track, teaching faculty positions to begin in September 2025. The rank of the appointment will depend on experience and qualifications.

Responsibilities: Successful candidates are expected to have a strong commitment to excellence in teaching at both the graduate and undergraduate level. They are also expected to advise students, supervise them in research, and contribute to the intellectually vibrant, highly interdisciplinary, collaborative, diverse, innovative, and entrepreneurial culture at Stevens.

Required Education and Experience: Applicants must have earned a Ph.D. in computer science or a related discipline. The department especially seeks candidates with a strong background in systems and security but will consider applications in all areas of computer science.

Closing date for applications:

Contact: Sandeep Bhatt (Sandeep.Bhatt@stevens.edu)

More information: https://academicjobsonline.org/ajo/jobs/29085

The TU Wien Cybersecurity Center is excited to announce a public call for applicants to join a collaborative proposal effort for the 16th Vienna Research Groups for Young Investigators call 2025, titled “Transforming Science with AI/ML”. This prestigious opportunity is part of the WWTF’s Information and Communication Technologies programme and provides funding of up to €1.8 million per research group over six to eight years, with a goal to drive transformative AI/ML research.

Selected applicants will partner with us to develop and submit a joint proposal to the WWTF Funding Portal. This is a two-step selection process, with an initial evaluation at the Vienna Cybersecurity Center to assess the applicants’ suitability, followed by the formal proposal preparation for WWTF submission.

In a Nutshell: Successful candidates will receive a tenure-track position at TU Wien along with €1.8 million in personal funding to establish and lead their own research group. Up to three positions will be awarded, empowering selected young researchers to conduct groundbreaking AI/ML research that transforms their chosen discipline.

Potential Research Topics in IT Security with AI/ML Focus:

Applicants are encouraged to propose innovative ideas in IT security that align with the WWTF call’s focus on advancing AI/ML concepts and their transformative impact. Suggested topics include (selection!):

Privacy-Preserving Machine Learning Creating methods to enhance privacy in AI/ML, such as differential privacy or federated learning, applied to secure systems.

Cryptographic Protocols Enhanced by AI Leveraging AI/ML to optimize cryptographic protocols, potentially enhancing performance and security in encryption, authentication, or blockchain-based applications.

Application Materials:
- Curriculum Vitae (CV)
- List of Publications
- 1-Page Outline of the Main Idea of the Proposal

Closing date for applications:

Contact: Prof. Dr. Dominique Schröder

More information: https://cysec.wien/calls/call_wwtf_collaboration/

The John Hopcroft Center for Computer Science at Shanghai Jiao Tong University (SJTU) is seeking to fill several tenure-track positions in computer science at the rank of Assistant Professor and Associate Professor starting on a mutually agreed date. Faculty duties include research, teaching at the undergraduate and graduate levels, and supervision of student research. Candidates should hold a Ph.D. in computer science or a related field by the start of employment.

Shanghai Jiao Tong University is one of the oldest and most prestigious universities in China, which enjoys a long history and a world-renowned reputation. The John Hopcroft Center for Computer Science at SJTU was established in January 2017 and is named after John Hopcroft, a Turing Award winner, Foreign Member of the Chinese Academy of Sciences. The center is led by him as the director. The mission of the center is to create a relaxed and free international academic environment, recruit promising young scholars, and help them grow into world-class scholars in the field of computer science. For more information about our center, please visit our website at https://jhc.sjtu.edu.cn/.

Strong candidates in all areas will be considered with special consideration given (but not limited) to Cryptography and Cyber Security, Artificial Intelligence, Quantum Computing, Computer Architecture, Database, Operating System, Software Engineering etc. An internationally competitive package for salary and benefits will be offered by the Center. SJTU makes a great effort to provide a startup research grant.

Apply: To apply, please submit a curriculum vita (CV) to Prof. Haiming Jin at jhc@sjtu.edu.cn and Prof. YuYu at yyuu@sjtu.edu.cn. To ensure full consideration, please apply by June 30 2025, although applications will be accepted until all positions are filled.

Closing date for applications:

Contact: Prof. Haiming Jin at jhc@sjtu.edu.cn and Prof. YuYu at yyuu@sjtu.edu.cn

More information: https://jhc.sjtu.edu.cn/

Xiamen University Malaysia is now seeking highly motivated, committed and qualified individuals for academic teaching positions in computer science and cyber security.

Candidates in computer science and cyber security are welcome to apply. The ideal candidate is expected to be able to support general computing subjects, as well as cyber security specialization subjects. Applicants must possess their first (Bachelor's) degree in computing and PhD in a related discipline.

Applicants with specific teaching and research interests in one or more of the following areas from each group are encouraged to apply:

Cybersecurity

• Malware Analysis
• Cryptanalysis
• Biometrics
• Blockchain Technology
• Cyber Security Laws and Regulations

Computing

• Data Structure
• Design and Analysis of Algorithms
• Computer Networks and Communication
• Principles of Operating Systems
• Big Data Analytics

HOW TO APPLY
Applicants are invited to submit a digital application packet to: recruit_academic@xmu.edu.my and iftekhar.salam@xmu.edu.my

The subject line of your email must include: your name, relevant academic discipline, and the specific position for which you are applying for. All application packets must include the following attachments:

1. Your detailed and current CV with publication (*Asterisk to indicate corresponding author, include Indexing & Quartile);
2. Cover letter;
3. List of courses from the above that the candidate can support;
4. Evidence of academic qualifications (Bachelor, Master & PhD Certificate; Bachelor, Master & PhD Transcripts and Professional Certificates);
5. 3-5 Full-Text publications (if applicable);
6. Teaching evaluation (if applicable);
7. Two academic references (at least one of them is the applicant’s current/most recent employer).

The positions will remain open until filled, but priority will be given to applications received by 13 December 2024.

Closing date for applications:

Contact: Iftekhar Salam

Event date: 29 October to 31 October 2025

Event date: 17 August to 21 August 2025
Submission deadline: 13 February 2025
Notification: 3 May 2025

The Messaging Layer Security (MLS) protocol, recently standardized in RFC 9420, aims to provide efficient asynchronous group key establishment with strong security guarantees. The main component of MLS, which is the source of its important efficiency and security properties, is a protocol called TreeKEM. Given that a major vision for the MLS protocol is for it to become the new standard for messaging applications like WhatsApp, Facebook Messenger, Signal, etc., it has the potential to be used by a huge number of users. Thus, it is important to better understand the security of MLS and hence also of TreeKEM. In a previous work by Klein et. al, TreeKEM was proven adaptively secure in the Random Oracle Model (ROM) with a polynomial loss in security by proving a result about the security of an arbitrary IND-CPA secure public-key encryption scheme in a public-key version of the Generalized Selective Decryption (GSD) security game.

In this work, we prove a tighter bound for the security of TreeKEM. We follow the approach in the aforementioned work and first introduce a modified version of the public-key GSD game better suited for analyzing TreeKEM. We then provide a simple and detailed proof of security for a specific encryption scheme, the DHIES scheme (currently the only standardized scheme in MLS), in this game in the ROM and achieve a tighter bound compared to the result from Klein et. al. We also define and describe the syntax and security of TreeKEM-like schemes and state a result linking the security of TreeKEM with security in our GSD game in the ROM.

We initiate the study of the black-box complexity of private-key functional encryption (FE). Of central importance in the private-key setting is the inner-product functionality, which is currently only known from assumptions that imply public-key encryption, such as Decisional Diffie-Hellman or Learning-with-Errors. As our main result, we rule out black-box constructions of private-key inner-product FE from random oracles. This implies a black-box separation between private-key inner-product FE from all symmetric-key primitives implied by random oracles (e.g., symmetric-key encryption and collision-resistant hash functions).

Proving lower bounds for private-key functional encryption schemes introduces challenges that were absent in prior works. In particular, the combinatorial techniques developed by prior works for proving black-box lower bounds are only useful in the public-key setting and predicate encryption settings, which all fail for the private-key FE case. Our work develops novel combinatorial techniques based on Fourier analysis to overcome these barriers. We expect these techniques to be widely useful in future research in this area.

Given the devastating security compromises caused by side-channel attacks on existing classical systems, can we store our private data encoded as a quantum state so that they can be kept private in the face of arbitrary side-channel attacks?

The unclonable nature of quantum information allows us to build various quantum protection schemes for cryptographic information such as secret keys. Examples of quantum protection notions include copy-protection, secure leasing, and finally, unbounded leakage-resilience, which was recently introduced by Çakan, Goyal, Liu-Zhang and Ribeiro (TCC'24). Çakan et al show that secrets of various cryptographic schemes (such as cryptographic keys or secret shares) can be protected by storing them as quantum states so that they satisfy LOCC (local operation and classical communication) leakage-resilience: the scheme can tolerate any unbounded amount of adaptive leakage over unbounded rounds. As a special case (dubbed $1$-round leakage), this also means that those quantum states cannot be converted to classical strings (without completely losing their functionality).

In this work, we continue the study of unbounded/LOCC leakage-resilience and consider several new primitive. In more details, we build ciphertexts, signatures and non-interactive zero-knowledge proofs with unbounded leakage-resilience. We show the following results.

- Assuming the existence of a classical $X \in \{\text{secret-key encryption}, \text{public-key encryption}\}$ scheme, we construct an $X$ scheme with LOCC leakage-resilient ciphertexts. This guarantees that an adversary who obtains LOCC-leakage on ciphertexts cannot learn anything about their contents, even if they obtain the secret key later on.

- Assuming the existence of a classical signature scheme and indistinguishability obfuscation (iO), we construct a signature scheme with LOCC leakage-resilient signatures. This guarantees that an adversary who obtains LOCC-leakage on various signatures cannot produce any valid signatures at all other than the ones it obtained honestly!

- Assuming the existence of one-way functions and indistinguishability obfuscation (iO), we construct a NIZK proof system with LOCC leakage-resilient proofs. This guarantees that an adversary who obtains LOCC-leakage on a NIZK proof of an hard instance cannot produce a valid proof!

The National Institute for Standards and Technology (NIST) initiated a standardization procedure for additional digital signatures and recently announced round-2 candidates for the PQ additional digital signature schemes. The multivariate digital signature scheme Unbalanced Oil and Vinegar (UOV) is one of the oldest post-quantum schemes and has been selected by NIST for Round 2. Although UOV is mathematically secure, several side-channel attacks (SCA) have been shown on the UOV or UOV-based digital signatures. We carefully analyze the sensitivity of variables and operations in the UOV scheme from the side-channel perspective and show which require protection. To mitigate implementation-based SCA, we integrate a provably secure arbitrary-order masking technique with the key generation and signature generation algorithms of UOV. We propose efficient techniques for the masked dot-product and matrix-vector operations, which are both critical in multivariate DS schemes. We also implemented and demonstrate the practical feasibility of our masking algorithms for UOV-Ip on the ARM Cortex-M4 microcontroller. Our first-order masked UOV implementations have $2.7\times$ and $3.6\times$ performance overhead compared to the unmasked scheme for key generation and signature generation algorithms. Our first-order masked UOV implementations use $1.3\times$ and $1.9\times$ stack memory rather than the unmasked version of the key generation and signature generation algorithms.