International Association for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available via email and via RSS feed.
06 December 2024

Ahmad Khoureich Ka
ePrint Report
In this paper, we put forward a new practical application of Inner-Product Functional Encryption (IPFE) that we call Message Selection functional encryption (M-Sel), which allows users to decrypt selected portions of a ciphertext. In a message selection functional encryption scheme, the plaintext is partitioned into a set of messages M = {m_1, ..., m_t}. The encryption of M consists of encrypting each of its elements under a distinct encryption key. A user with a functional decryption key sk_x derived from a selection vector x can access a subset of M from the encryption thereof and nothing more. Our construction is generic and combines a symmetric encryption scheme with an inner product functional encryption scheme; its security is therefore tied to theirs. By instantiating our generic construction from a DDH-based IPFE, we obtain a message selection FE with constant-size decryption keys, suitable for key storage on lightweight devices in the context of the Internet of Things (IoT).
Nouri Alnahawi, Jacob Alperin-Sheriff, Daniel Apon, Alexander Wiesmaier
ePrint Report
The interest in realizing generic PQC KEM-based PAKEs has increased significantly in the last few years. One such PAKE is the CAKE protocol, proposed by Beguinet et al. (ACNS ’23). However, despite its simple design based on the well-studied PAKE protocol EKE by Bellovin and Merritt (IEEE S&P ’92), both CAKE and its variant OCAKE do not fully protect against quantum adversaries, as they rely on the Ideal Cipher (IC) model. Related and follow-up works, including Pan and Zeng (ASIACRYPT ’23), Dos Santos et al. (EUROCRYPT ’23), Alnahawi et al. (CANS ’24), and Arragia et al. (IACR ’24/308), although touching on that issue, still rely on an IC. Considering the lack of a quantum IC model and the difficulty of using the classical IC to achieve secure instantiations on public keys in general and PQC in particular, we set out to eliminate it from PAKE design. In this paper, we present the No IC Encryption (NICE)-PAKE, a (semi-)generic PAKE framework providing a quantum-safe alternative to the IC, utilizing simpler cryptographic components for the authentication step. To give a formal proof for our construction, we introduce the notions of A-Part-Secrecy (A-SEC-CCA), Splittable Collision Freeness (A-CFR-CCA) and Public Key Uniformity (SPLIT-PKU) for splittable LWE KEMs. We show the relation of the former to the Non-uniform LWE and the Weak Hint LWE assumptions, as well as its application to ring and module LWE. Notably, this side quest led to some surprising discoveries, as we concluded that the new notion is not directly interchangeable between the LWE variants, or at least not in a straightforward manner. Further, we show that our approach requires some tedious tweaking of the parameter choices in both FrodoKEM and CRYSTALS-Kyber to obtain a secure PAKE construction.
We also address some fundamental issues with the common IC usage and identify differences between lattice KEMs regarding their suitability for generic PQC PAKEs, especially regarding the structure of their public keys. We believe that this work marks a further step towards achieving complete security against quantum adversaries in PQC PAKEs.
Qiuyan Du, Qiaohan Chu, Jie Chen, Man Ho Au, Debiao He
ePrint Report
Recently, Francati et al. (Asiacrypt 2023) provided the first registered functional encryption (Reg-FE) beyond predicates. Reg-FE addresses the key escrow problem in functional encryption by allowing users to generate their own key pairs, effectively replacing the traditional private-key generator with a key curator. The key curator holds no secret information and runs deterministic algorithms to generate a master public key for encryption and helper keys for decryption. However, existing Reg-FE schemes under standard assumptions require fixed data sizes, which limits their practicality in real-world applications. In this work, we introduce Multi-Function Registered Functional Encryption for Inner-Product (MultiReg-FE for IP), a novel extension of Reg-FE. It enables users to register multiple functions under a single public key. With MultiReg-FE, we achieve both Reg-FE for Unbounded Inner-Product (Unbounded IP), which removes the need to predetermine vector lengths, and Reg-FE for Attribute-Weighted Sums with Inner-Product (AWSw/IP), allowing computations over arbitrary numbers of attribute-value pairs. All our schemes achieve adaptive IND-security. Specifically, we present:

  • MultiReg-FE for Inner-Product, which supports an unbounded number of function vectors from each user.
  • Reg-FE for Unbounded Inner-Product, removing the need for preset vector lengths.
  • The first Reg-FE for AWSw/IP in the public-key setting.
Yibin Yang, Fabrice Benhamouda, Shai Halevi, Hugo Krawczyk, Tal Rabin
ePrint Report
We propose plausible post-quantum (PQ) oblivious pseudorandom functions (OPRFs) based on the Power Residue PRF (Damgård CRYPTO’88), a generalization of the Legendre PRF. For security parameter $\lambda$, we consider the PRF $\mathsf{Gold}_k(x)$ that maps an integer $x$ modulo a public prime $p = 2^\lambda\cdot g + 1$ to the element $(k + x)^g \bmod p$, where $g$ is public and $\log g \approx 2\lambda$.

At the core of our constructions are efficient novel methods for evaluating $\mathsf{Gold}$ within two-party computation ($\mathsf{2PC}\text{-}\mathsf{Gold}$), achieving different security requirements. Here, the server $\mathcal{P}_s$ holds the PRF key $k$ whereas the client $\mathcal{P}_c$ holds the PRF input $x$, and they jointly evaluate $\mathsf{Gold}$ in 2PC. $\mathsf{2PC}\text{-}\mathsf{Gold}$ uses standard Vector Oblivious Linear Evaluation (VOLE) correlations and is information-theoretic and constant-round in the (V)OLE-hybrid model. We show:

• For a semi-honest $\mathcal{P}_s$ and a malicious $\mathcal{P}_c$: a $\mathsf{2PC}\text{-}\mathsf{Gold}$ that just uses a single (V)OLE correlation, and has a communication complexity of $3$ field elements ($2$ field elements if we only require a uniformly sampled key) and a computational complexity of $\mathcal{O}(\lambda)$ field operations. We refer to this as half-malicious security.

• For malicious $\mathcal{P}_s$ and $\mathcal{P}_c$: a $\mathsf{2PC}\text{-}\mathsf{Gold}$ that just uses $\frac{\lambda}{4} + \mathcal{O}(1)$ VOLE correlations, and has a communication complexity of $\frac{\lambda}{4} + \mathcal{O}(1)$ field elements and a computational complexity of $\mathcal{O}(\lambda)$ field operations.

These constructions support additional features and extensions, e.g., batched evaluations with better amortized costs where $\mathcal{P}_c$ repeatedly evaluates the PRF under the same key.

Furthermore, we extend $\mathsf{2PC}\text{-}\mathsf{Gold}$ to Verifiable OPRFs and use the methodology from Beullens et al. (ePrint’24) to obtain strong OPRF security in the universally composable setting.

All the protocols are efficient in practice. We implemented $\mathsf{2PC}\text{-}\mathsf{Gold}$—with (PQ) VOLEs—and benchmarked them. For example, our half-malicious (resp. malicious) $n$-batched PQ OPRFs incur about $100$B (resp. $1.9$KB) of amortized communication for $\lambda = 128$ and large enough $n$.
Jake Januzelli, Jiayu Xu
ePrint Report
One-more problems like One-More Discrete Logarithm (OMDL) and One-More Diffie--Hellman (OMDH) have found wide use in cryptography, due to their ability to naturally model security definitions for interactive primitives like blind signatures and oblivious PRFs. Furthermore, a generalization of OMDH called Threshold OMDH (TOMDH) has proven useful for building threshold versions of interactive protocols. However, due to their complexity it is often unclear how hard such problems actually are, leading cryptographers to analyze them in idealized models like the Generic Group Model (GGM) and the Algebraic Group Model (AGM). In this work we give a complete characterization of known group-based one-more problems in the AGM, using the $Q$-DL hierarchy of assumptions defined in the work of Bauer, Fuchsbauer and Loss (CRYPTO '20).

1. Regarding (T)OMDH, we show (T)OMDH is part of the $Q$-DL hierarchy in the AGM; in particular, $Q$-OMDH is equivalent to $Q$-DL. Along the way we find and repair a flaw in the original GGM hardness proof of TOMDH, thereby giving the first correct proof that TOMDH is hard in the GGM.

2. Regarding OMDL, we show the $Q$-OMDL problems constitute an infinite hierarchy of problems in the AGM incomparable to the $Q$-DL hierarchy; that is, $Q$-OMDL is separate from $Q'$-OMDL if $Q' \neq Q$, and also separate from $Q'$-DL unless $Q = Q' = 0$.
Christopher Harth-Kitzerow, Georg Carle
ePrint Report
Fixed-point arithmetic (FPA) is essential to enable practical Privacy-Preserving Machine Learning (PPML). When multiplying two fixed-point numbers, truncation is required to ensure that the product maintains the correct precision. While multiple truncation schemes based on Secure Multiparty Computation (MPC) have been proposed, which of the different schemes offers the best trade-off between accuracy and efficiency on common PPML datasets and models has remained underexplored.

In this work, we study several different stochastic and exact truncation approaches found in the MPC literature that require different slack sizes, i.e., additional bits required by each secret share to ensure correctness. We provide novel, improved constructions for each truncation approach in the semi-honest 3-PC and malicious 4-PC settings, which reduce communication and round complexity by up to a factor of three. Moreover, we propose a truncation scheme that does not introduce any communication overhead in the online phase and exactly matches the accuracy of plaintext floating-point PyTorch inference of VGG-16 on the ImageNet dataset, with over 80% accuracy using shares with a bitlength of only 32. This is the first time that high PPML accuracy is demonstrated on ImageNet.
Corentin Jeudy, Olivier Sanders
ePrint Report
Gadget-based samplers have proven to be a key component of several cryptographic primitives, in particular in the area of privacy-preserving mechanisms. Most constructions today follow the approach introduced by Micciancio and Peikert (MP), yielding preimages whose dimension grows linearly with that of the gadget. To improve performance, some papers have proposed to truncate the gadget, but at the cost of an important feature of the MP sampler, namely the ability to invert arbitrary syndromes. Technically speaking, they replace the worst-case MP sampler by an average-case sampler that can only be used in specific contexts. Far from being a mere theoretical restriction, this prevents the main applications of gadget-based samplers from using truncated variants and thus from benefiting from the associated performance gains. In this paper, we solve this problem by describing a worst-case sampler that still works with truncated gadgets. Its main strength is that it retains the main characteristics of the MP sampler while providing flexibility in the choice of the truncation parameter. As a consequence, it can be used as a plug-in replacement for all applications relying on the MP sampler so far, leading to performance improvements of up to 30%, as illustrated by several examples in this paper. Our sampler is supported by a thorough security analysis that addresses the hurdles met by previous works, and its practicality is demonstrated by a concrete implementation.
Véronique Cortier, Alexandre Debant, Pierrick Gaudry, Léo Louistisserand
ePrint Report
Postal voting is a frequently used alternative to on-site voting. Traditionally, its security relies on organizational measures, and voters have to trust many entities. In recent years, several schemes have been proposed to add verifiability properties to postal voting while preserving vote privacy. Postal voting comes with specific constraints. We conduct a systematic analysis of this setting and identify a list of generic attacks, highlighting that some attacks seem unavoidable. This study is applied to existing systems from the literature. We then propose Vote&Check, a postal voting protocol which provides a high level of security with a reduced number of authorities. Furthermore, it requires only basic cryptographic primitives, namely hash functions and signatures. The security properties are proven in a symbolic model with the help of the ProVerif tool.
Michael Adjedj, Constantin Blokh, Geoffroy Couteau, Antoine Joux, Nikolaos Makriyannis
ePrint Report
We present a novel protocol for two-party ECDSA that achieves two rounds (a single back-and-forth communication) at the cost of a single oblivious linear function evaluation (OLE). In comparison, the previous work of [DKLs18] (S&P 2018) achieves two rounds at the cost of three OLEs, while [BHL24] (Manuscript 2024) requires expensive zero-knowledge proofs on top of the OLE. We demonstrate this by proving that in the generic group model, any adversary capable of generating forgeries for our protocol can be transformed into an adversary that finds preimages for the ECDSA message digest function (e.g., the SHA family). Interestingly, our analysis is closely related to, and has ramifications for, the `presignatures' mode of operation—[CGGMP20] (CCS 2020), [GroSho22] (EUROCRYPT 2022).

Motivated by applications to embedded cryptocurrency wallets, where a single server maintains distinct, shared public keys with separate clients (i.e., a star-shaped topology), and with the goal of minimizing communication, we instantiate our protocol using Paillier encryption and suitable zero-knowledge proofs. To reduce computational overhead, we thoroughly optimize all components of our protocol under sound cryptographic assumptions, specifically small-exponent variants of RSA-style assumptions.

Finally, we implement our protocol and provide benchmarks. At the 128-bit security level, the signing phase requires approximately 50ms of computation time on a standard Linux machine, and 2KB of bandwidth.
Zhao Minghui, Trevor Yap
ePrint Report
Side-Channel Analysis (SCA) exploits physical vulnerabilities in systems to reveal secret keys. With the rise of the Internet of Things, evaluating SCA attacks has become crucial. Profiling attacks, enhanced by Deep Learning-based Side-Channel Analysis (DLSCA), have shown significant improvements over classical techniques. Recent works demonstrate that ensemble methods outperform single neural networks. However, almost every existing ensemble selection method in SCA only picks the top few best-performing neural networks for the ensemble, which we coin the Greedily-Selected Method (GSM), and which may not be optimal. This work proposes the Evolutionary Avenger Initiative (EAI), a genetic algorithm-driven ensemble selection algorithm, to create effective ensembles for DLSCA. We investigate two fitness functions and evaluate EAI across four datasets, including AES and Ascon implementations. We show that EAI outperforms GSM, recovering secrets with the fewest traces. Notably, EAI successfully recovers secret keys for Ascon datasets where GSM fails, demonstrating its effectiveness.
Jia-Lin Chan, Wai-Kong Lee, Denis C.-K Wong, Wun-She Yap, Bok-Min Goi
ePrint Report
Advancements in deep learning (DL) have not only revolutionized many aspects of our lives, but also introduced privacy concerns, because DL processes vast amounts of information closely related to our daily lives. Fully Homomorphic Encryption (FHE) is one of the promising solutions to this privacy issue, as it allows computations to be carried out directly on encrypted data. However, FHE requires high computational cost, which is a huge barrier to its widespread adoption. Many prior works proposed techniques to enhance the speed performance of FHE in the past decade, but they often impose significant memory requirements, which may be up to hundreds of gigabytes. Recently, focus has shifted from purely improving speed performance to managing FHE’s memory consumption as a critical challenge. Rovida and Leporati introduced a technique to minimize rotation key memory by retaining only essential keys, yet this technique is limited to cases with symmetric numerical patterns (e.g., -2 -1 0 1 2), constraining its broader utility. In this paper, a new technique, Adaptive Rotation Key (ARK), is proposed that minimizes rotation key memory consumption by exhaustively analyzing numerical patterns to produce a minimal subset of shared rotation keys. ARK also provides a dual-configuration option, enabling users to prioritize memory efficiency or computational speed. In memory-prioritized mode, ARK reduces rotation key memory consumption by 41.17% with a 12.57% increase in execution time. In speed-prioritized mode, it achieves a 24.62% rotation key memory reduction with only a 0.21% impact on execution time. This flexibility positions ARK as an effective solution for optimizing FHE across varied use cases, marking a significant advancement in optimization strategies for FHE-based privacy-preserving systems.

05 December 2024

University of Vienna, Faculty of Computer Science; Vienna, Austria
Job Posting
The newly formed research group on Foundations of Cryptography at the University of Vienna is looking for a PhD candidate interested in theoretical aspects of cryptography. In particular, the candidate will work with Karen Klein-Azari (https://foc.ethz.ch/people/karenklein.html) on topics related to provable security of cryptographic schemes.

The position is fully funded for 4 years with a starting date on 1st of March 2025 (the precise date is negotiable). If you are interested, please find more information on the website of University of Vienna, following the link above.
Application Deadline: 24.12.2024

Contact: Karen Klein-Azari PhD (karen.azari@cs.univie.ac.at)

More information: https://jobs.univie.ac.at/job/University-assistant-predoctoral/1148095101/

Dubrovnik, Croatia, 29 June - 4 July 2025
Event Calendar
Event date: 29 June to 4 July 2025
Submission deadline: 30 January 2025
Notification: 15 February 2025
Télécom Paris, Palaiseau, France
Job Posting

Telecom Paris is looking for an Associate/Assistant Professor in cybersecurity.

Within the Computer Science and Networks (INFRES) department, the Cryptography and Cybersecurity (C2) team aims to develop skills in various areas of cybersecurity, including (i) security mechanisms for future wireless networks (6G, IIoT, ITS-G5, etc.), (ii) solutions tailored to the security of virtualized architectures and cloud infrastructures, and (iii) advanced detection mechanisms and effective automatic responses to cyberattacks.

Regarding teaching, Telecom Paris has substantial needs in cybersecurity, both for giving courses and for managing teaching units. The Associate/Assistant Professor recruited will strengthen the school's ability to coordinate, design and implement courses on the security of IT networks and systems, for example in the cloud, radio communications and vehicular networks. The recruited candidate is also expected to be able to take part in the general computer science courses taught in the first year.

Contact: Sébastien Canard

More information: https://institutminestelecom.recruitee.com/l/en/o/assistantassociate-professor-in-cybersecurity

Koç University, İstanbul, Türkiye
Job Posting
Koç University College of Engineering invites applications for full-time faculty positions in Computer Science and Engineering starting in Fall 2025. We seek outstanding candidates with significant contributions in all computer science and engineering research areas.

The ideal candidate will have a visionary research agenda, an exceptional research and publication track record, and a strong commitment to academic excellence and innovation. The successful candidate will demonstrate dedication to undergraduate and graduate education and foster an inclusive learning environment.

Koç University is a private, non-profit institution in Istanbul, Türkiye, where English is the medium of instruction. It hosts the highest number of European Research Council (ERC) Grant recipients in Türkiye and continues to secure the largest research funding from Horizon 2020. The university provides a vibrant interdisciplinary research environment, including the Koç University School of Medicine, Hospital, Translational Medicine Research Center (KUTTAM), and Koç University Is Bank Artificial Intelligence Research Center (KUIS AI). Koç University is home to Türkiye’s largest GPU cluster, providing advanced infrastructure for leading-edge AI research.

The Department of Computer Science and Engineering at Koç University has world-renowned faculty with extensive awards and projects on both national and international levels. Our faculty is a national leader in AI research and is equally strong in high-performance computing (HPC), security, and networks, with a unique emphasis on interdisciplinary work that bridges AI and medicine. For more information about the department and its faculty, please visit cs.ku.edu.tr.

Koç University offers a competitive salary and benefits package, including housing support, private insurance, K-12 education support, and research startup funding.

Application Deadline: Evaluation of applications will begin on 20 January and continue until all open positions are filled. All applications will be treated confidentially. Apply online via the link: https://academicjobsonline.org/ajo/jobs/29250

Contact: engineering@ku.edu.tr

More information: https://academicjobsonline.org/ajo/jobs/29250

University of Birmingham, UK
Job Posting

The Center for Security and Privacy at the School of Computer Science of the University of Birmingham has an open PhD position in post-quantum cryptography. The supervision will be shared by Rishiraj Bhattacharyya and Christophe Petit. We invite applications from candidates with interests in Cryptography and Computer Algebra. The ideal candidate will have a strong background in Mathematics, Computer Science, Physics or a related area.

The primary research theme for the call is in the foundations and cryptanalysis of post-quantum cryptosystems. The exact projects could be tailored to match the candidate's background and interests.

The review of applications will start immediately and the call remains open until 28 February 2025. For more information, contact Rishiraj Bhattacharyya (r.bhattacharyya@bham.ac.uk) and Christophe Petit (c.petit.1@bham.ac.uk).

Contact: Rishiraj Bhattacharyya (r.bhattacharyya@bham.ac.uk) and Christophe Petit (c.petit.1@bham.ac.uk)


02 December 2024

Marburg, Slovenia, 23 May 2025
Event Calendar
Event date: 23 May 2025
Submission deadline: 31 January 2025
Notification: 28 February 2025
Munich, Germany, 25 June 2025
Event Calendar
Event date: 25 June 2025
Submission deadline: 7 March 2025
Miyakojima, Japan, 18 April 2025
Event Calendar
Event date: 18 April 2025
Submission deadline: 31 December 2024
Notification: 31 January 2025
Xiamen University Malaysia, Sepang, Malaysia
Job Posting
Xiamen University Malaysia is now seeking highly motivated, committed and qualified individuals for academic teaching positions in computer science and cyber security.

Candidates in computer science and cyber security are welcome to apply. The ideal candidate is expected to be able to support general computing subjects as well as cyber security specialization subjects. Applicants must hold a first (Bachelor's) degree in computing and a PhD in a related discipline.

Applicants with specific teaching and research interests in one or more of the following areas from each group are encouraged to apply:

Cybersecurity

  • Network Traffic Monitoring and Analysis
  • Malware Analysis
  • Cryptanalysis
  • Biometrics
  • Blockchain Technology
  • Cyber Security Laws and Regulations

Computing

  • Programming (C, C++, Java)
  • Discrete Math
  • Data Structure
  • Design and Analysis of Algorithms
  • Computer Networks and Communication
  • Operating Systems
  • Big Data Analytics

HOW TO APPLY
Applicants are invited to submit a digital application to recruit_academic@xmu.edu.my and iftekhar.salam@xmu.edu.my. All applications must include the following attachments:

  1. Your detailed and current CV with publication list (use an asterisk to indicate corresponding author; include indexing and quartile);
  2. Cover letter;
  3. List of courses from the above that the candidate can support;
  4. Evidence of academic qualifications (Bachelor, Master & PhD Certificate; Bachelor, Master & PhD Transcripts and Professional Certificates);
  5. 3-5 Full-Text publications (if applicable);
  6. Teaching evaluation (if applicable);
  7. Two academic references (at least one of them is the applicant’s current/most recent employer).
The positions will remain open until filled, but priority will be given to applications received by 13 December 2024.

Contact: Iftekhar Salam
