International Association for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available via email and via RSS feed.

02 December 2024

King's College London
Job Posting

We are inviting applications for a PhD studentship in the cryptography lab at King’s College London. Specifically, we are looking for an applicant to work with us in the area of lattice-based cryptography. We are particularly interested in the study of and constructions from new lattice-based assumptions and privacy-preserving technologies based on lattices.

The PhD could cover studying the underlying hard mathematical problems, cryptanalysis, constructions or applications of lattice techniques. This can cover post-quantum aspects of lattice-based cryptography and/or advanced functionalities.

The applicant would work with Martin Albrecht, Ngoc Khanh Nguyen and/or Eamonn Postlethwaite. We encourage applicants to reach out to Martin to discuss the position informally before applying.

Fine print. This is a fully-funded position covering both fees and maintenance. The latter is at the UKRI rate. Funded by UKRI Frontier Research. We seek applicants with a strong background in mathematics and/or computer science. We will consider applications on a rolling basis.

Closing date for applications:

Contact: Martin Albrecht (martin.albrecht@kcl.ac.uk)

More information: https://martinralbrecht.wordpress.com/2024/11/29/phd-position-in-lattice-based-cryptography/

Monash University, Melbourne, Australia
Job Posting

The post-quantum cryptography research group at the Department of Software Systems and Cybersecurity, Faculty of Information Technology, Monash University, Australia, has 3 fully funded Ph.D. student scholarship openings for research projects funded by Australian Research Council - Discovery Projects 2025, including in particular the following areas:

  • Developing tools and techniques for FHE-based private cloud computation applications.
  • Theory and applications of zk-SNARKS in FHE-based cloud computation.
  • Secure and Efficient Implementations of zk-SNARK and FHE schemes and their applications.

Students will have the opportunity to work in an excellent research environment and collaborate with experts in cryptography and with Cryptolab industry partners.

Monash University is among the leading universities in Australia and is located in Melbourne, ranked as Australia's most liveable city and among the most liveable cities in the world.

Applicants should have (or be expected to complete in the next 12 months) a Masters or Honours equivalent qualification with a research thesis, with excellent grades in mathematics, theoretical computer science, cryptography, engineering or closely related areas. They should have excellent English verbal and written communication skills. Programming experience and skills, especially in Sagemath, Python, Magma, and/or C/C++, are also highly desirable.

To apply: please send a copy of your CV and all your transcripts (bachelor and/or master) by 1st Feb 2025 to

Closing date for applications:

Contact: Amin Sakzad (amin.sakzad@monash.edu)

Ethereum Foundation
Job Posting
Ethereum Foundation launches a big initiative aimed at boosting the third-party cryptanalysis of the Poseidon hash function. It provides bounties for breaking reduced-round versions, awards for research papers describing theoretical attacks, and grants for detailed investigation of certain gaps in the existing analysis. The total fund is $500 000.

Closing date for applications:

Contact: Ethereum Foundation Poseidon Group

More information: https://www.poseidon-initiative.info/

University of Sheffield
Job Posting
We are offering fully funded PhD opportunities at the University of Sheffield, UK.

Requirements for Ph.D. Position
  • Completed Master’s degree (or equivalent) at a top university in information security, computer science, applied mathematics, electrical engineering, or a similar area
  • Research experience (such as publishing papers as a first author in reputable venues)
  • Self-motivated, reliable, creative, can work in a team and wants to do excellent research on challenging scientific problems with practical relevance

How to apply? Please send me your CV with detailed information. Contact: Dr Aryan Pasikhani aryan.pasikhani@sheffield.ac.uk

Closing date for applications:

Contact: Dr Aryan Pasikhani aryan.pasikhani@sheffield.ac.uk

Carnegie Mellon University, CyLab; Pittsburgh, PA, USA
Job Posting

The CyLab Security and Privacy Institute at Carnegie Mellon University is leading a university-wide priority hiring search for tenure-track faculty who focus on security or privacy and will be appointed in relevant academic departments throughout the university.

CyLab is a university-wide umbrella organization that works to catalyze, support, promote, and strengthen collaborative security and privacy research and education across departments, disciplines, and geographic boundaries to achieve significant impact on research, education, public policy, and practice. Successful applicants will be appointed in the most relevant department or jointly in two departments, depending on research focus and needs.

CyLab welcomes applicants with research and teaching interests that fit within the broad computer security and privacy space. Areas of interest include, but are not limited to, systems security, software security, hardware security, applied cryptography, usable privacy and security, security and privacy policy, national and international cybersecurity policy, economics of security and privacy, security and privacy of AI/ML and using AI/ML for security and privacy, blockchain security and privacy, security for cyber physical systems, security and privacy of robotics and autonomous systems, and privacy engineering.

We are especially interested in candidates with diverse backgrounds and a demonstrated commitment to excellence and leadership in research, undergraduate and graduate teaching, and service towards building an equitable and diverse scholarly community.

Carnegie Mellon considers applicants for employment without regard to, and does not discriminate on the basis of, gender, race, protected veteran status, disability, sexual orientation, gender identity, and any additional legally protected status.

Applications should be submitted through the CyLab Interfolio site by December 11, 2024: https://apply.interfolio.com/151331. Applications may be shared with members of any of the participating departments. See https://www.cylab.cmu.edu/about/hiring.html for more information.

Closing date for applications:

Contact: Lujo Bauer or Sarah Scheffler, cylab-faculty-search@andrew.cmu.edu

More information: https://www.cylab.cmu.edu/about/hiring.html

Riverside Research
Job Posting
Riverside Research is an independent National Security Nonprofit dedicated to research and development in the national interest. We provide high-end technical services, research and development, and prototype solutions to some of the country’s most challenging technical problems. All Riverside Research opportunities require U.S. Citizenship.

The cryptographer will contribute to a team responsible for researching and developing cryptographic solutions. They will be expected to conduct in-depth mathematical analysis of cryptographic protocols and cryptographic primitives. Moreover, they will be expected to develop, test, debug, and push both code and documentation. Additionally, they should have demonstrable experience in one high-level language (e.g., Python, MATLAB) and C/C++. Additionally, they should have the writing skills necessary to communicate their ideas and results to internal and external stakeholders. Furthermore, they will also contribute to technical marketing and proposal writing in their research area in addition to interfacing with team members across Riverside Research locations.

Job Responsibilities:
  • Develop, test, optimize and verify cryptographic algorithms
  • Perform in-depth mathematical/statistical analysis on algorithms and their output
  • Integrate algorithms into larger security solutions
  • Contribute to whitepapers and/or published papers that document innovative work performed
  • Collaborate with team members on debugging, reviewing papers/proposals, etc.
  • Participate in relevant internal and customer meetings, including overnight travel
  • Support Principal Investigators and Program Managers in the development of program documentation and other tasking

Required Qualifications:
  • Active TS clearance
  • Must be willing to work onsite 75-85% of time
  • Strong background in cryptology (cryptography and cryptanalysis), primarily the mathematical/computational underpinnings
  • 2 years direct experience in developing/analyzing cryptographic algorithms
  • Familiarity with cryptographic primitives (both “classical” and PQC)
  • MS in mathematics, computer science or related field
  • Demonstrated proficiency in Python (or MATLAB) and C/C++

Closing date for applications:

Contact: Colette Bryan

More information: https://careers-riversideresearch.icims.com/jobs/3539/cryptographer/job?mode=view&mobile=false&width=754&height=500&bga=true&needsRedirect=false&jan1offset=-300&jun1offset=-240

Award
We are proud to announce the winners of the 2024 IACR Test-of-Time Award for Asiacrypt.

The IACR Test-of-Time Award honors papers published at the 3 IACR flagship conferences 15 years ago which have had a lasting impact on the field.

The Test-of-Time award for Asiacrypt 2009 is awarded to the following two papers:

Fiat-Shamir with aborts: Applications to lattice and factoring-based signatures, by Vadim Lyubashevsky
For inventing the abort technique in the Fiat-Shamir transformation, which became the foundation of the NIST-standardized Dilithium lattice-based signature scheme.
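The abort technique in one runnable picture, as an added illustration that is not the awarded paper's construction, not Dilithium, and not code from the IACR page: a toy signature over the ring Z_q[x]/(x^N + 1) in which the signer masks the secret s with a uniform y, hashes the commitment a*y to a sparse challenge c, and publishes z = y + c*s only if every coefficient of z stays strictly below GAMMA - BETA; otherwise it discards y and starts over. All parameters (Q, N, ETA, TAU, GAMMA), the hash-to-challenge mapping, and the simplified public key t = a*s are assumptions chosen for readability, not for security. The function `response_counts` enumerates a single coefficient exhaustively and shows why the abort matters: the multiset of accepted z values is identical for every value of c*s within the bound, so an accepted signature carries no information about the secret, whereas without the abort the range of z shifts with c*s and leaks it.

```python
"""Toy Fiat-Shamir-with-aborts signature over Z_q[x]/(x^N + 1).
Added illustration: parameters, hash-to-challenge mapping and the simplified
public key t = a*s are assumptions, not Lyubashevsky's or Dilithium's code."""
import hashlib
import secrets
from collections import Counter

Q = 8380417       # modulus (assumed)
N = 32            # ring dimension: polynomials mod x^N + 1 (assumed, toy size)
ETA = 2           # secret coefficients lie in [-ETA, ETA]
TAU = 6           # challenge c has exactly TAU nonzero coefficients, each +-1
GAMMA = 2 ** 12   # masking y has coefficients uniform in [-(GAMMA-1), GAMMA-1]
BETA = TAU * ETA  # ||c*s||_inf <= BETA: each coefficient of c*s sums TAU terms +-s_j

def poly_mul(a, b):
    """Schoolbook product in Z_q[x]/(x^N + 1); x^N wraps around to -1."""
    out = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            k = i + j
            if k < N:
                out[k] = (out[k] + ai * bj) % Q
            else:
                out[k - N] = (out[k - N] - ai * bj) % Q
    return out

def centered(v):
    """Representative of v mod Q in (-Q/2, Q/2]."""
    v %= Q
    return v - Q if v > Q // 2 else v

def challenge(w, msg):
    """Deterministically hash (commitment, message) to a sparse {-1,0,+1} poly."""
    seed = hashlib.sha3_256(msg + b"|" + ",".join(map(str, w)).encode()).digest()
    c, ctr = [0] * N, 0
    while sum(1 for x in c if x) < TAU:
        blk = hashlib.sha3_256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
        pos = blk[0] % N              # N divides 256, so this is unbiased
        if c[pos] == 0:
            c[pos] = 1 if blk[1] & 1 else -1
    return c

def keygen():
    a = [secrets.randbelow(Q) for _ in range(N)]
    s = [secrets.randbelow(2 * ETA + 1) - ETA for _ in range(N)]
    return (a, poly_mul(a, s)), s     # pk = (a, t = a*s), sk = s

def sign(pk, s, msg):
    """Returns ((z, c), attempts); restarts whenever z would leak s."""
    a, _ = pk
    attempts = 0
    while True:
        attempts += 1
        y = [secrets.randbelow(2 * GAMMA - 1) - (GAMMA - 1) for _ in range(N)]
        c = challenge(poly_mul(a, y), msg)
        cs = [centered(v) for v in poly_mul(c, s)]    # exact integers, |.| <= BETA
        z = [yi + ci for yi, ci in zip(y, cs)]
        if max(abs(zi) for zi in z) < GAMMA - BETA:   # the "abort" check
            return (z, c), attempts

def verify(pk, msg, sig):
    a, t = pk
    z, c = sig
    if max(abs(zi) for zi in z) >= GAMMA - BETA:
        return False
    if any(x not in (-1, 0, 1) for x in c) or sum(1 for x in c if x) != TAU:
        return False
    # a*z - c*t = a*(y + c*s) - c*(a*s) = a*y, the signer's commitment
    w = [(u - v) % Q for u, v in zip(poly_mul(a, z), poly_mul(c, t))]
    return challenge(w, msg) == c

def response_counts(cs, gamma=16, beta=4, abort=True):
    """One coefficient, exhaustively: y uniform in [-(gamma-1), gamma-1], z = y + cs.
    With abort=True the accepted z are uniform on |z| < gamma - beta for every
    |cs| <= beta (independent of the secret); without it the range shifts by cs."""
    counts = Counter()
    for y in range(-(gamma - 1), gamma):
        z = y + cs
        if not abort or abs(z) < gamma - beta:
            counts[z] += 1
    return counts

def acceptance_probability(gamma=GAMMA, beta=BETA, n=N):
    """Exact probability that one signing attempt is not aborted."""
    return ((2 * (gamma - beta) - 1) / (2 * gamma - 1)) ** n

if __name__ == "__main__":
    pk, sk = keygen()
    msg = b"constructed sample message"   # constructed input
    sig, tries = sign(pk, sk, msg)
    print("valid:", verify(pk, msg, sig), "after", tries, "attempt(s)")
    print("wrong message verifies:", verify(pk, b"another message", sig))
    print("accepted z independent of c*s:", response_counts(3) == response_counts(-4))
```

Run it directly to sign and verify a constructed message. The check `response_counts(3) == response_counts(-4)` is the exhaustive one-coefficient version of the argument: both multisets are the 23 values of z with |z| < 12, each hit by exactly one y, while `response_counts(3, abort=False)` and `response_counts(-4, abort=False)` differ and expose c*s. `acceptance_probability()` gives the expected fraction of non-aborted attempts for the chosen bounds, which is the cost one pays for the independence.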


Efficient public key encryption based on ideal lattices, by Damien Stehlé, Ron Steinfeld, Keisuke Tanaka and Keita Xagawa
For introducing the first efficient public-key encryption scheme with security based on the worst-case hardness of the approximate Shortest Vector Problem in structured ideal lattices.


Sela Navot, Stefano Tessaro
ePrint Report
This paper initiates the study of one-more unforgeability for multi-signatures and threshold signatures as a stronger security goal, ensuring that ℓ executions of a signing protocol cannot result in more than ℓ signatures. This notion is widely used in the context of blind signatures, but we argue that it is a convenient way to model strong unforgeability for other types of distributed signing protocols. We provide formal security definitions for one-more unforgeability (OMUF) and show that the HBMS multi-signature scheme does not satisfy this definition, whereas MuSig and MuSig2 do. We also show that mBCJ multi-signatures do not satisfy OMUF, as well as expose a subtle issue with their existential unforgeability (which does not contradict their original security proof). For threshold signatures, we show that FROST satisfies OMUF, but ROAST does not.
Jakob Burkhardt, Hannah Keller, Claudio Orlandi, Chris Schwiegelshohn
ePrint Report
We explore the use of distributed differentially private computations across multiple servers, balancing the tradeoff between the error introduced by the differentially private mechanism and the computational efficiency of the resulting distributed algorithm.

We introduce the linear-transformation model, where clients have access to a trusted platform capable of applying a public matrix to their inputs. Such computations can be securely distributed across multiple servers using simple and efficient secure multiparty computation techniques.

The linear-transformation model serves as an intermediate model between the highly expressive central model and the minimal local model. In the central model, clients have access to a trusted platform capable of applying any function to their inputs. However, this expressiveness comes at a cost, as it is often expensive to distribute such computations, leading to the central model typically being implemented by a single trusted server. In contrast, the local model assumes no trusted platform, which forces clients to add significant noise to their data. The linear-transformation model avoids the single point of failure for privacy present in the central model, while also mitigating the high noise required in the local model.

We demonstrate that linear transformations are very useful for differential privacy, allowing for the computation of linear sketches of input data. These sketches largely preserve utility for tasks such as private low-rank approximation and private ridge regression, while introducing only minimal error, critically independent of the number of clients. Previously, such accuracy had only been achieved in the more expressive central model.
David Pointcheval, Robert Schädlich
ePrint Report
Multi-input Attribute-Based Encryption (ABE) is a generalization of key-policy ABE where attributes can be independently encrypted across several ciphertexts, and a joint decryption of these ciphertexts is possible if and only if the combination of attributes satisfies the policy of the decryption key. We extend this model by introducing a new primitive that we call Multi-Client ABE (MC-ABE), which provides the usual enhancements of multi-client functional encryption over multi-input functional encryption. Specifically, we separate the secret keys that are used by the different encryptors and consider the case that some of them may be corrupted by the adversary. Furthermore, we tie each ciphertext to a label and enable a joint decryption of ciphertexts only if all ciphertexts share the same label. We provide constructions of MC-ABE for various policy classes based on SXDH. Notably, we can deal with policies that are not a conjunction of local policies, which has been a limitation of previous constructions from standard assumptions.

Subsequently, we introduce the notion of Multi-Client Predicate Encryption (MC-PE) which, in contrast to MC-ABE, does not only guarantee message-hiding but also attribute-hiding. We present a new compiler that turns any constant-arity MC-ABE into an MC-PE for the same arity and policy class. Security is proven under the LWE assumption.
Asmita Adhikary, Giacomo Tommaso Petrucci, Philippe Tanguy, Vianney Lapôtre, Ileana Buhan
ePrint Report
Identifying and mitigating vulnerable locations to fault injections requires significant expertise and expensive equipment. Fault injections can damage hardware, cause software crashes, and pose safety and security hazards. Simulating fault injections offers a safer alternative, and fault simulators have steadily developed, though they vary significantly in functionality, target applications, fault injection methods, supported fault models, and guarantees. We present a taxonomy categorizing fault simulators based on their target applications and development cycle stages, from source code to final product. Our taxonomy provides insights and comparisons to highlight open problems.
Kyeongtae Lee, Seongho Park, Byeongjun Jang, Jihye Kim, Hyunok Oh
ePrint Report
In this paper, we propose $\textsf{LiLAC}$, a novel field-agnostic, transparent multilinear polynomial commitment scheme (MLPCS) designed to address key challenges in polynomial commitment systems. For a polynomial with $N$ coefficients, $\textsf{LiLAC}$ achieves $\mathcal{O}(N)$ prover time, $\mathcal{O}(\log N)$ verifier time, and $\mathcal{O}(\log N)$ proof size, overcoming the limitations of $\mathcal{O}(\log^2 N)$ verification time and proof size without any increase in other costs. This is achieved through an optimized polynomial commitment strategy and the recursive application of the tensor IOPP, making $\textsf{LiLAC}$ both theoretically optimal and practical for large-scale applications. Furthermore, $\textsf{LiLAC}$ offers post-quantum security, providing robust protection against future quantum computing threats.

We propose two constructions of $\textsf{LiLAC}$: a field-agnostic $\textsf{LiLAC}$ and a field-specific $\textsf{LiLAC}$. Each construction demonstrates superior performance compared to the state-of-the-art techniques in their respective categories of MLPCS. First, the field-agnostic $\textsf{LiLAC}$ is compared against Brakedown (CRYPTO 2023), which is based on a tensor IOP and satisfies field-agnosticity. In experiments conducted over a 128-bit field with a coefficient size of $2^{30}$, the field-agnostic $\textsf{LiLAC}$ achieves a proof size that is $3.7\times$ smaller and a verification speed that is $2.2\times$ faster, while maintaining a similar proof generation time compared to Brakedown. Furthermore, the field-specific $\textsf{LiLAC}$ is evaluated against WHIR (ePrint 2024/1586), which is based on an FRI. With a 128-bit field and a coefficient size of $2^{30}$, the field-specific $\textsf{LiLAC}$ achieves a proof generation speed that is $2.8\times$ faster, a proof size that is $27\%$ smaller, and a verification speed that is $14\%$ faster compared to WHIR.
Mojtaba Fadavi, Sabyasachi Karati, Aylar Erfanian, Reihaneh Safavi-Naini
ePrint Report
A group signature allows a user to sign a message anonymously on behalf of a group and provides accountability by using an opening authority who can ``open'' a signature and reveal the signer's identity. Group signatures have been widely used in privacy-preserving applications including anonymous attestation and anonymous authentication. Fully dynamic group signatures allow new members to join the group and existing members to be revoked if needed. Symmetric-key based group signature schemes are post-quantum group signatures whose security relies on the security of symmetric-key primitives such as cryptographic hash functions and pseudorandom functions.

In this paper, we design a symmetric-key based fully dynamic group signature scheme, called DGMT, that redesigns DGM (Buser et al. ESORICS 2019) and removes its two important shortcomings that limit its application in practice: (i) interaction with the group manager for signature verification, and (ii) the need for storing and managing an unacceptably large amount of data by the group manager. We prove security of DGMT (unforgeability, anonymity, and traceability) and give a full implementation of the system. Compared to all known post-quantum group signature schemes with the same security level, DGMT has the shortest signature size. We also analyze the DGM signature revocation approach and show that despite its conceptual novelty, it has significant hidden costs that make it much more costly than using the traditional revocation list approach.
Nikita Snetkov, Jelizaveta Vakarjuk, Peeter Laud
ePrint Report
Smart-ID is an application for signing and authentication provided as a service to residents of Belgium, Estonia, Latvia and Lithuania. Its security relies on multi-prime server-supported RSA, password-authenticated key shares and a clone detection mechanism. Unfortunately, the security properties of the underlying protocol have been specified only in a ``game-based'' manner. There is no corresponding ideal functionality that the actual protocol is shown to securely realize in the universal composability (UC) framework. In this paper, we remedy that shortcoming, presenting the functionality (optionally parameterized with a non-threshold signature scheme) and prove that the existing Smart-ID protocol securely realizes it. Additionally, we present a server-supported protocol for generating ECDSA signatures and show that it also securely realizes the proposed ideal functionality in the Global Random Oracle Model (UC+GROM).
Seyed MohammadReza Hosseini, Hossein Pilaram
ePrint Report
One of the most crucial measures to maintain data security is the use of cryptography schemes and digital signatures built upon cryptographic algorithms. The resistance of cryptographic algorithms against conventional attacks is guaranteed by the computational difficulties and the immense amount of computation required for them. In the last decade, with the advances in quantum computing technology and the realization of quantum computers, which have higher computational power compared to conventional computers and can execute special kinds of algorithms (i.e., quantum algorithms), the security of many existing cryptographic algorithms has been questioned. The reason is that by using quantum computers and executing specific quantum algorithms through them, the computational difficulties of conventional cryptographic algorithms can be reduced, which makes it possible to overcome and break them in a relatively short period of time. Therefore, researchers began efforts to find new quantum-resistant cryptographic algorithms that would be impossible to break, even using quantum computers, in a short time. Such algorithms are called post-quantum cryptographic algorithms. In this article, we provide a comprehensive review of the challenges and vulnerabilities of different kinds of conventional cryptographic algorithms against quantum computers. Afterward, we review the latest cryptographic algorithms and standards that have been proposed to confront the threats posed by quantum computers. We present the classification of post-quantum cryptographic algorithms and digital signatures based on their technical specifications, provide examples of each category, and outline the strengths and weaknesses of each category.
Asier Gambra, Durba Chatterjee, Unai Rioja, Igor Armendariz, Lejla Batina
ePrint Report
Voltage fault injection attacks are a particularly powerful threat to secure embedded devices because they exploit brief, hard-to-detect power fluctuations causing errors or bypassing security mechanisms. To counter these attacks, various detectors are employed, but as defenses strengthen, increasingly elusive glitches continue to emerge. Artificial intelligence, with its inherent ability to learn and adapt to complex patterns, presents a promising solution. This research presents an AI-driven voltage fault injection detector that analyzes clock signals directly. We provide a detailed fault characterization of the STM32F410 microcontroller, emphasizing the impact of faults on the clock signal. Our findings reveal how power supply glitches directly impact the clock, correlating closely with the amount of power injected. This led to developing a lightweight Multi-Layer Perceptron model that analyzes clock traces to distinguish between safe executions, glitches that keep the device running but may introduce faults, and glitches that cause the target to reset. While previous fault injection AI applications have primarily focused on parameter optimization and simulation assistance, in this work we use the adaptability of machine learning to create a fault detection model that is specifically adjusted to the hardware that implements it. The developed glitch detector has a high accuracy, showing this is a promising direction to combat FI attacks on a variety of platforms.
Nicholas Brandt, Mia Filić, Sam A. Markelon
ePrint Report
Key Transparency (KT) systems have emerged as a critical technology for securely distributing and verifying the correctness of public keys used in end-to-end encrypted messaging services. Despite substantial academic interest, increased industry adoption, and IETF standardization efforts, KT systems lack a holistic and formalized security model, limiting their resilience to practical threats and constraining future development. In this paper, we introduce the first cryptographically sound formalization of KT as an ideal functionality, clarifying the assumptions, security properties, and potential vulnerabilities of deployed KT systems. We identify a significant security concern — a possible impersonation attack by a malicious service provider — and propose a backward-compatible solution. Additionally, we address a core scalability bottleneck by designing and implementing a novel, privacy-preserving verifiable Bloom filter (VBF) that significantly improves KT efficiency without compromising security. Experimental results demonstrate the effectiveness of our approach, marking a step forward in both the theoretical and practical deployment of scalable KT solutions.
Yackolley Amoussou-Guenou, Maurice Herlihy, Maria Potop Butucaru
ePrint Report
The paper promotes a new design paradigm for Byzantine tolerant distributed algorithms using trusted abstractions (oracles) specified in a functional manner. The contribution of the paper is conceptual. The objective here is to design distributed fundamental algorithms such as reliable broadcast and asynchronous byzantine consensus using trusted execution environments and to help designers to compare various solutions on a common ground. In this framework we revisit Bracha's seminal work on Asynchronous Byzantine Consensus. Our solution uses the trusted monotonic counters abstraction and tolerates $t$ Byzantine processes in a system with $n$ processes, $n \geq 2t+1$. The keystone of our construction is a novel and elegant Byzantine Reliable Broadcast algorithm resilient to $t
Jiacheng Gao, Yuan Zhang, Sheng Zhong
ePrint Report
Shuffle is a frequently used operation in secure multiparty computations, with various applications, including joint data analysis and anonymous communication systems. Most existing MPC shuffle protocols are constructed from MPC permutation protocols, which allow a party to securely apply its private permutation to an array of $m$ numbers shared among all $n$ parties. Following a ``permute-in-turn'' paradigm, these protocols result in $\Omega(n^2m)$ complexity in the semi-honest setting. Recent works have significantly improved efficiency and security by adopting a two-phase solution. Specifically, Eskandarian and Boneh demonstrate how to construct MPC shuffle protocols with linear complexity in both semi-honest and malicious adversary settings. However, a more recent study by Song et al. reveals that Eskandarian and Boneh's protocol fails to achieve malicious security. Consequently, designing an MPC shuffle protocol with linear complexity and malicious security remains an open question. In this paper, we address this question by presenting the first general construction of an MPC shuffle protocol that is maliciously secure and has linear online communication and computation complexity, utilizing black-box access to secure arithmetic MPC primitives and an MPC permutation protocol. When instantiating our construction with the SPDZ framework and the best existing malicious secure MPC shuffle, our construction only slightly increases the offline overhead compared to the semi-honest secure version, and thus achieves a linear online phase almost for free. As our construction requires only black-box access to basic secure MPC primitives and permutation protocols, it is compatible with and can be integrated into most modern MPC frameworks. We provide formal security proofs for both semi-honest and malicious settings, demonstrating that our maliciously secure construction can achieve universally composable security.
Experimental results indicate that our construction significantly enhances online performance while maintaining a moderate increase in offline overhead. Given that shuffle is a frequently used primitive in secure multiparty computation, we anticipate that our construction will accelerate many real-world MPC applications.
Sofiane Azogagh, Zelma Aubin Birba, Marc-Olivier Killijian, Félix Larose-Gervais
ePrint Report
In this paper we present RevoLUT, a library implemented in Rust that reimagines the use of Look-Up-Tables (LUT) beyond their conventional role in function encoding, as commonly used in TFHE's programmable bootstrapping. Instead, RevoLUT leverages LUTs as first class objects, enabling efficient oblivious operations such as array access, element sorting and permutation directly within the table. This approach supports oblivious algorithms, providing a secure, privacy-preserving solution for handling sensitive data in various applications.